From 025cdd7dda9e014e67d0af16d8404d86d797008f Mon Sep 17 00:00:00 2001 From: "artem.ivanov" Date: Mon, 2 Dec 2024 11:19:26 +0300 Subject: [PATCH] Refactoring PKI unit tests --- .../all_certificates_by_subject_key_id.go | 20 +- ...approved_certificates_by_subject_key_id.go | 12 - x/pki/tests/handler_add_noc_ica_cert_test.go | 137 ++--- x/pki/tests/handler_add_noc_root_cert_test.go | 126 ++-- x/pki/tests/handler_add_paa_cert_test.go | 562 +++++++++++------- x/pki/tests/handler_add_pai_cert_test.go | 151 ++--- x/pki/tests/handler_assign_vid_test.go | 28 +- .../tests/handler_remove_noc_ica_cert_test.go | 467 ++++++++------- .../handler_remove_noc_root_cert_test.go | 316 +++++----- x/pki/tests/handler_remove_pai_cert_test.go | 231 ++++--- .../tests/handler_revoke_noc_ica_cert_test.go | 161 +++-- .../handler_revoke_noc_root_cert_test.go | 34 +- x/pki/tests/handler_revoke_paa_cert_test.go | 294 +++++---- x/pki/tests/handler_revoke_pai_cert_test.go | 106 ++-- x/pki/tests/test-design.md | 4 + x/pki/tests/utils/account.go | 2 +- x/pki/tests/utils/certificate_assertions.go | 385 ++++++------ x/pki/tests/utils/certificate_helpers.go | 9 + x/pki/tests/utils/data.go | 33 + .../all_certificates_by_subject_key_id.pb.go | 6 +- ...roved_certificates_by_subject_key_id.pb.go | 6 +- x/pki/types/genesis_test.go | 8 +- .../key_all_certificates_by_subject_key_id.go | 2 +- ...approved_certificates_by_subject_key_id.go | 2 +- 24 files changed, 1742 insertions(+), 1360 deletions(-) diff --git a/x/pki/keeper/all_certificates_by_subject_key_id.go b/x/pki/keeper/all_certificates_by_subject_key_id.go index 93384e4c1..92f383438 100644 --- a/x/pki/keeper/all_certificates_by_subject_key_id.go +++ b/x/pki/keeper/all_certificates_by_subject_key_id.go @@ -8,7 +8,7 @@ import ( "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" ) -// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyId in the store from its index. +// SetAllCertificatesBySubjectKeyID set a specific AllCertificatesBySubjectKeyID in the store from its index. func (k Keeper) SetAllCertificatesBySubjectKeyID(ctx sdk.Context, allCertificatesBySubjectKeyID types.AllCertificatesBySubjectKeyId) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) b := k.cdc.MustMarshal(&allCertificatesBySubjectKeyID) @@ -49,7 +49,7 @@ func (k Keeper) addAllCertificatesBySubjectKeyID(ctx sdk.Context, subjectKeyID s k.SetAllCertificatesBySubjectKeyID(ctx, AllCertificates) } -// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyId from its index. +// GetAllCertificatesBySubjectKeyID returns a AllCertificatesBySubjectKeyID from its index. func (k Keeper) GetAllCertificatesBySubjectKeyID( ctx sdk.Context, subjectKeyID string, @@ -69,7 +69,7 @@ func (k Keeper) GetAllCertificatesBySubjectKeyID( return val, true } -// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyId from the store. +// RemoveAllCertificatesBySubjectKeyID removes a AllCertificatesBySubjectKeyID from the store. func (k Keeper) RemoveAllCertificatesBySubjectKeyID( ctx sdk.Context, subject string, @@ -104,7 +104,7 @@ func (k Keeper) RemoveAllCertificatesBySubjectKeyIDBySerialNumber(ctx sdk.Contex }) } -// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyId. +// GetAllAllCertificatesBySubjectKeyID returns all AllCertificatesBySubjectKeyID. func (k Keeper) GetAllAllCertificatesBySubjectKeyID(ctx sdk.Context) (list []types.AllCertificatesBySubjectKeyId) { store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) iterator := sdk.KVStorePrefixIterator(store, []byte{}) @@ -145,15 +145,3 @@ func (k Keeper) _removeAllCertificatesFromSubjectKeyIDState(ctx sdk.Context, sub k.SetAllCertificatesBySubjectKeyID(ctx, certs) } } - -// IsCertificatesBySubjectKeyIdPresent Check if the Certificate By Subject Key ID is present in the store. -func (k Keeper) IsCertificatesBySubjectKeyIdPresent( - ctx sdk.Context, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.AllCertificatesBySubjectKeyIDKeyPrefix)) - - return store.Has(types.AllCertificatesBySubjectKeyIDKey( - subjectKeyID, - )) -} diff --git a/x/pki/keeper/approved_certificates_by_subject_key_id.go b/x/pki/keeper/approved_certificates_by_subject_key_id.go index bd02c92e3..5d8336606 100644 --- a/x/pki/keeper/approved_certificates_by_subject_key_id.go +++ b/x/pki/keeper/approved_certificates_by_subject_key_id.go @@ -145,15 +145,3 @@ func (k Keeper) _removeApprovedCertificatesFromSubjectKeyIDState(ctx sdk.Context k.SetApprovedCertificatesBySubjectKeyID(ctx, certs) } } - -// IsApprovedCertificatesBySubjectKeyIdPresent Check if the Approved Certificate By Subject Key ID is present in the store. -func (k Keeper) IsApprovedCertificatesBySubjectKeyIdPresent( - ctx sdk.Context, - subjectKeyID string, -) bool { - store := prefix.NewStore(ctx.KVStore(k.storeKey), pkitypes.KeyPrefix(types.ApprovedCertificatesBySubjectKeyIDKeyPrefix)) - - return store.Has(types.ApprovedCertificatesBySubjectKeyIDKey( - subjectKeyID, - )) -} diff --git a/x/pki/tests/handler_add_noc_ica_cert_test.go b/x/pki/tests/handler_add_noc_ica_cert_test.go index 3ba9fc317..8ade55b79 100644 --- a/x/pki/tests/handler_add_noc_ica_cert_test.go +++ b/x/pki/tests/handler_add_noc_ica_cert_test.go @@ -21,107 +21,88 @@ func TestHandler_AddNocIntermediateCert(t *testing.T) { accAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // add NOC ICA certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, accAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, accAddress, icaCertificate.PEM) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Extra cases -func TestHandler_AddNocX509Cert_Renew(t *testing.T) { +func TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - vid := testconstants.Vid - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + accAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // Store the NOC certificate - newNocCertificate := types.NewNocCertificate( - testconstants.NocCert1, - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectAsText, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - testconstants.NocRootCert1Subject, - testconstants.NocRootCert1SubjectKeyID, - accAddress.String(), - vid, - testconstants.SchemaVersion, - ) - newNocCertificate.SerialNumber = testconstants.TestSerialNumber - - setup.Keeper.AddAllCertificate(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificate(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificateBySubjectKeyID(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocCertificateBySubject(setup.Ctx, newNocCertificate) - setup.Keeper.AddNocIcaCertificate(setup.Ctx, newNocCertificate) - uniqueCertificate := types.UniqueCertificate{ - Issuer: newNocCertificate.Issuer, - SerialNumber: newNocCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) + icaCertificate := utils.CreateTestNocIca1Cert() + intermediateCertificate := utils.NocIntermediateCertificate(accAddress) + intermediateCertificate.SerialNumber = testconstants.TestSerialNumber + utils.AddMokedNocCertificate(setup, intermediateCertificate, false) // add the new NOC certificate - addNocX509Cert := types.NewMsgAddNocX509IcaCert(accAddress.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) + addNocX509Cert := types.NewMsgAddNocX509IcaCert( + accAddress.String(), + icaCertificate.PEM, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509Cert) require.NoError(t, err) // query noc certificate by Subject and SKID - nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocCertificates.Certs[0]) - - // query noc certificate by Subject - nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds)) - - // query noc certificate by SKID - nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID)) - require.Equal(t, 2, len(nocCertificatesBySubjectKeyID[0].Certs)) - require.Equal(t, testconstants.NocCert1Subject, nocCertificatesBySubjectKeyID[0].Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesBySubjectKeyID[0].Certs[0].SubjectKeyId) - require.Equal(t, vid, nocCertificatesBySubjectKeyID[0].Certs[0].Vid) - - // query noc certificate by VID - nocCertificatesByVid, err := utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocCertificatesByVid.Certs), 2) - require.Equal(t, testconstants.NocCert1Subject, nocCertificatesByVid.Certs[0].Subject) - require.Equal(t, testconstants.NocCert1SubjectKeyID, nocCertificatesByVid.Certs[0].SubjectKeyId) - require.Equal(t, vid, nocCertificatesByVid.Certs[0].Vid) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not be there + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } // Error cases diff --git a/x/pki/tests/handler_add_noc_root_cert_test.go b/x/pki/tests/handler_add_noc_root_cert_test.go index dfc882d23..5b3705550 100644 --- a/x/pki/tests/handler_add_noc_root_cert_test.go +++ b/x/pki/tests/handler_add_noc_root_cert_test.go @@ -21,96 +21,76 @@ func TestHandler_AddNocRootCert(t *testing.T) { // add NOC root certificate rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, accAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, accAddress, rootCertificate.PEM) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } // Extra cases -func TestHandler_AddNocX509RootCert_Renew(t *testing.T) { +func TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - accAddress := utils.GenerateAccAddress() - setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + accAddress := setup.CreateVendorAccount(testconstants.Vid) // Store the NOC root certificate - nocRootCertificate := utils.RootCertificate(accAddress) - nocRootCertificate.SerialNumber = testconstants.TestSerialNumber - nocRootCertificate.CertificateType = types.CertificateType_OperationalPKI - nocRootCertificate.Approvals = nil - nocRootCertificate.Rejects = nil - - setup.Keeper.AddAllCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocRootCertificate(setup.Ctx, nocRootCertificate) - setup.Keeper.AddNocCertificateBySubject(setup.Ctx, nocRootCertificate) - - uniqueCertificate := types.UniqueCertificate{ - Issuer: nocRootCertificate.Issuer, - SerialNumber: nocRootCertificate.SerialNumber, - Present: true, - } - setup.Keeper.SetUniqueCertificate(setup.Ctx, uniqueCertificate) - - // new NOC root certificate - newNocCertificate := utils.RootCertificate(accAddress) - newNocCertificate.CertificateType = types.CertificateType_OperationalPKI - newNocCertificate.Approvals = nil - newNocCertificate.Rejects = nil + rootCertificate1 := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, accAddress, rootCertificate1.PEM) // add the new NOC root certificate - addNocX509RootCert := types.NewMsgAddNocX509RootCert(accAddress.String(), newNocCertificate.PemCert, testconstants.CertSchemaVersion) + rootCertificate2 := utils.CreateTestNocRoot2Cert() + addNocX509RootCert := types.NewMsgAddNocX509RootCert( + accAddress.String(), + rootCertificate2.PEM, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addNocX509RootCert) require.NoError(t, err) - // query noc root certificate by Subject and SKID - nocCertificates, err := utils.QueryNocCertificates(setup, newNocCertificate.Subject, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, len(nocCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocCertificates.Certs[1]) - - // query noc root certificate by Subject - nocCertificatesBySubject, err := utils.QueryNocCertificatesBySubject(setup, newNocCertificate.Subject) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubject.SubjectKeyIds)) - require.Equal(t, newNocCertificate.SubjectKeyId, nocCertificatesBySubject.SubjectKeyIds[0]) - - // query noc root certificate by SKID - nocCertificatesBySubjectKeyID, err := utils.QueryNocCertificatesBySubjectKeyID(setup, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID)) - require.Equal(t, 1, len(nocCertificatesBySubjectKeyID[0].Certs)) - require.Equal(t, &newNocCertificate, nocCertificatesBySubjectKeyID[0].Certs[0]) - - // query noc root certificate by VID - nocRootCertificates, err := utils.QueryNocRootCertificatesByVid(setup, testconstants.Vid) - require.NoError(t, err) - require.Equal(t, len(nocRootCertificates.Certs), 2) - require.Equal(t, &newNocCertificate, nocRootCertificates.Certs[1]) - - // query noc root certificate by VID and SKID - renewedNocRootCertificate, err := utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, newNocCertificate.SubjectKeyId) - require.NoError(t, err) - require.Equal(t, &newNocCertificate, renewedNocRootCertificate.Certs[0]) + // check indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) + utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } // Error cases diff --git a/x/pki/tests/handler_add_paa_cert_test.go b/x/pki/tests/handler_add_paa_cert_test.go index 516d514fd..666057fa8 100644 --- a/x/pki/tests/handler_add_paa_cert_test.go +++ b/x/pki/tests/handler_add_paa_cert_test.go @@ -25,7 +25,7 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { // propose DA root certificate proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -34,17 +34,21 @@ func TestHandler_ProposeAddDaRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -61,7 +65,7 @@ func TestHandler_AddDaRootCert(t *testing.T) { // propose add x509 root certificate by trustee proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -72,25 +76,29 @@ func TestHandler_AddDaRootCert(t *testing.T) { // approve by second trustee approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -103,7 +111,7 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { // propose x509 root certificate by account without trustee role proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -121,36 +129,40 @@ func TestHandler_AddDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { for i := 1; i < twoThirds-1; i++ { approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( trusteeAccounts[i].String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - _, err = utils.QueryApprovedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) + _, err = utils.QueryApprovedCertificates(setup, rootCertificate.Subject, rootCertificate.SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } // One more approval will move this to approved state from pending approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), rootCertificate.Subject, rootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -180,7 +192,7 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + rootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion, @@ -191,8 +203,8 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // approve x509 root certificate by account Trustee2 approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) @@ -201,8 +213,8 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // approve x509 root certificate by account Trustee3 approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( setup.Trustee3.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) @@ -211,41 +223,48 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) // reject x509 root certificate by account Trustee4 rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( fourthTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // Check: ProposedCertificate - present because we haven't enough approvals - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // approve x509 root certificate by account Trustee5 approveAddX509RootCert = types.NewMsgApproveAddX509RootCert( fifthTrustee.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + rootCertificate.Subject, + rootCertificate.SubjectKeyID, testconstants.Info, ) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -255,18 +274,16 @@ func TestHandler_AddDaRootCert_FourApprovalsAreNeeded_FiveTrustees(t *testing.T) func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { setup := utils.Setup(t) - testRootCertificate := utils.CreateTestRootCert() - testRootCertificate.SerialNumber = utils.SerialNumber - // store root certificate with different serial number rootCertificate := utils.RootCertificate(setup.Trustee1) rootCertificate.SerialNumber = utils.SerialNumber utils.AddMokedDaCertificate(setup, rootCertificate, true) // propose second root certificate + testRootCertificate := utils.CreateTestRootCert() proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + testRootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -274,22 +291,26 @@ func TestHandler_ProposeAddX509RootCert_ForDifferentSerialNumber(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, // we have both: Proposed and Approved - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, // single approved - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, // we have both: Proposed and Approved + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, // single approved + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) // additional check - require.Equal(t, testconstants.RootSerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) + require.Equal(t, testRootCertificate.SerialNumber, resolvedCertificates.ProposedCertificate.SerialNumber) } func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T) { @@ -300,9 +321,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T // add Certificate1 rootCertOptions := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID1, - Subject: testconstants.PAACertWithSameSubjectID1Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + PemCert: testRootCertificate.PEM, + Subject: testRootCertificate.Subject, + SubjectKeyID: testRootCertificate.SubjectKeyID, Info: testconstants.Info, Vid: testconstants.Vid, } @@ -310,9 +331,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T // add Certificate2 rootCert2Options := &utils.RootCertOptions{ - PemCert: testconstants.PAACertWithSameSubjectID2, - Subject: testconstants.PAACertWithSameSubjectID2Subject, - SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, + PemCert: testRootCertificate2.PEM, + Subject: testRootCertificate2.Subject, + SubjectKeyID: testRootCertificate2.SubjectKeyID, Info: testconstants.Info, Vid: testconstants.Vid, } @@ -326,17 +347,21 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T require.Equal(t, 2, len(allCertificates)) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } // check for first utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) @@ -344,9 +369,9 @@ func TestHandler_AddDaRootCerts_SameSubjectKeyIdButDifferentSubject(t *testing.T resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate2, indexes) // Additional checks - require.Equal(t, testconstants.PAACertWithSameSubjectIDSubjectID, resolvedCertificates.AllCertificatesBySubjectKeyId[0].SubjectKeyId) - require.Equal(t, testconstants.PAACertWithSameSubjectID1Subject, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Subject) - require.Equal(t, testconstants.PAACertWithSameSubjectID2Subject, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[1].Subject) + require.Equal(t, testRootCertificate.SubjectKeyID, resolvedCertificates.AllCertificatesBySubjectKeyID[0].SubjectKeyId) + require.Equal(t, testRootCertificate.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Subject) + require.Equal(t, testRootCertificate2.Subject, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[1].Subject) } func TestHandler_RejectAddDaRootCert(t *testing.T) { @@ -357,7 +382,7 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // propose x509 root certificate by account Trustee1 proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( setup.Trustee1.String(), - testconstants.RootCertPem, + testRootCertificate.PEM, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) @@ -367,24 +392,28 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // reject x509 root certificate by account Trustee2 rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( setup.Trustee2.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // certificate should be in the entity , because we haven't enough reject approvals - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } // check certificate state indexes resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) @@ -398,24 +427,28 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { // reject x509 root certificate by account Trustee3 rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( setup.Trustee3.String(), - testconstants.RootSubject, - testconstants.RootSubjectKeyID, + testRootCertificate.Subject, + testRootCertificate.SubjectKeyID, testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) // certificate should not be in the entity , because we have enough reject approvals - indexes = []utils.TestIndex{ - {Key: types.RejectedCertificateKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } // check certificate state indexes resolvedCertificates = utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) @@ -431,8 +464,15 @@ func TestHandler_RejectAddDaRootCert(t *testing.T) { func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) + + rootCertificate := utils.CreateTestRootCert() + // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) @@ -443,19 +483,31 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - pendingCert, _ := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, _ := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen+1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen-1) @@ -464,8 +516,16 @@ func TestHandler_ApproveX509RootCertAndRejectX509RootCert_FromTheSameTrustee(t * func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t *testing.T) { setup := utils.Setup(t) + + rootCertificate := utils.CreateTestRootCert() + // propose add x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) @@ -476,19 +536,34 @@ func TestHandler_RejectX509RootCertAndApproveX509RootCert_FromTheSameTrustee(t * setup.AddAccount(accAddress, []dclauthtypes.AccountRole{role}, 1) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - pendingCert, _ := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, _ := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) prevRejectsLen := len(pendingCert.Rejects) prevApprovalsLen := len(pendingCert.Approvals) + // approve x509 root certificate by account Trustee2 - approveAddX509RootCert := types.NewMsgApproveAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) - pendingCert, found := setup.Keeper.GetProposedCertificate(setup.Ctx, testconstants.RootSubject, testconstants.RootSubjectKeyID) + pendingCert, found := setup.Keeper.GetProposedCertificate( + setup.Ctx, + rootCertificate.Subject, + rootCertificate.SubjectKeyID) require.True(t, found) require.Equal(t, len(pendingCert.Rejects), prevRejectsLen-1) require.Equal(t, len(pendingCert.Approvals), prevApprovalsLen+1) @@ -509,91 +584,155 @@ func TestHandler_RejectX509RootCert_TwoRejectApprovalsAreNeeded_FiveTrustees(t * setup.AddAccount(fifthTrustee, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) // propose x509 root certificate by account Trustee1 - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate by account Trustee2 - rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - // certificate should be in the entity , because we haven't enough reject approvals - proposedCertificate, err := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, // not rejected yet + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // reject x509 root certificate by account Trustee3 - rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert(setup.Trustee3.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectAddX509RootCert = types.NewMsgRejectAddX509RootCert( + setup.Trustee3.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectAddX509RootCert) require.NoError(t, err) - // certificate should be in the entity , because we have enough rejected approvals - rejectedCertificates, err := utils.QueryRejectedCertificates(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - require.NoError(t, err) - - // check rejected certificate - rejectedCertificate := rejectedCertificates.Certs[0] - require.Equal(t, proposeAddX509RootCert.Cert, rejectedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, rejectedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, rejectedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, rejectedCertificate.SerialNumber) + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, // certificate is rejected now + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCert_ByTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - require.False(t, setup.Keeper.IsProposedCertificatePresent(setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) - - // check that unique certificate key is registered - require.False(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, // certificates do not get into rejected collection because there were no approvals before + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCert_ByAnotherTrustee(t *testing.T) { setup := utils.Setup(t) // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - // query proposed certificate - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee1.String())) - - // check that unique certificate key is registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testing.T) { @@ -601,37 +740,58 @@ func TestHandler_ProposeAddAndRejectX509RootCertWithApproval_ByTrustee(t *testin accAddress := utils.GenerateAccAddress() setup.AddAccount(accAddress, []dclauthtypes.AccountRole{dclauthtypes.Trustee}, 1) + // propose x509 root certificate - proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert(setup.Trustee1.String(), testconstants.RootCertPem, testconstants.Info, testconstants.Vid, testconstants.CertSchemaVersion) + rootCertificate := utils.CreateTestRootCert() + proposeAddX509RootCert := types.NewMsgProposeAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.PEM, + testconstants.Info, + testconstants.Vid, + testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, proposeAddX509RootCert) require.NoError(t, err) // approve approveAddX509RootCert := types.NewMsgApproveAddX509RootCert( - setup.Trustee2.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + setup.Trustee2.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, approveAddX509RootCert) require.NoError(t, err) // reject x509 root certificate - rejectX509RootCert := types.NewMsgRejectAddX509RootCert(setup.Trustee1.String(), testconstants.RootSubject, testconstants.RootSubjectKeyID, testconstants.Info) + rejectX509RootCert := types.NewMsgRejectAddX509RootCert( + setup.Trustee1.String(), + rootCertificate.Subject, + rootCertificate.SubjectKeyID, + testconstants.Info) _, err = setup.Handler(setup.Ctx, rejectX509RootCert) require.NoError(t, err) - // query proposed certificate - proposedCertificate, _ := utils.QueryProposedCertificate(setup, testconstants.RootSubject, testconstants.RootSubjectKeyID) - - // check proposed certificate - require.Equal(t, proposeAddX509RootCert.Cert, proposedCertificate.PemCert) - require.Equal(t, proposeAddX509RootCert.Signer, proposedCertificate.Owner) - require.Equal(t, testconstants.RootSubject, proposedCertificate.Subject) - require.Equal(t, testconstants.RootSubjectKeyID, proposedCertificate.SubjectKeyId) - require.Equal(t, testconstants.RootSerialNumber, proposedCertificate.SerialNumber) - require.True(t, proposedCertificate.HasRejectFrom(setup.Trustee1.String())) - require.True(t, proposedCertificate.HasApprovalFrom(setup.Trustee2.String())) + // check state indexes + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RejectedCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + } + resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) - // check that unique certificate key is registered - require.True(t, setup.Keeper.IsUniqueCertificatePresent( - setup.Ctx, testconstants.RootIssuer, testconstants.RootSerialNumber)) + // additional checks + require.True(t, resolvedCertificates.ProposedCertificate.HasRejectFrom(setup.Trustee1.String())) + require.True(t, resolvedCertificates.ProposedCertificate.HasApprovalFrom(setup.Trustee2.String())) } // Error cases diff --git a/x/pki/tests/handler_add_pai_cert_test.go b/x/pki/tests/handler_add_pai_cert_test.go index b8e9e0b31..651e80e41 100644 --- a/x/pki/tests/handler_add_pai_cert_test.go +++ b/x/pki/tests/handler_add_pai_cert_test.go @@ -30,24 +30,28 @@ func TestHandler_AddDaIntermediateCert(t *testing.T) { addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } @@ -68,24 +72,28 @@ func TestHandler_AddDaIntermediateCert_VidScoped(t *testing.T) { addX509Cert := types.NewMsgAddX509Cert( accAddress.String(), - testconstants.PAICertWithNumericPidVid, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } @@ -111,7 +119,7 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( // store intermediate certificate second time addX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate1.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addX509Cert) require.NoError(t, err) @@ -125,18 +133,22 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( require.Equal(t, 2, len(allCertificates)) // root + intermediate // Check indexes for certificate1 - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RejectedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 2}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RejectedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) @@ -151,7 +163,6 @@ func TestHandler_AddDaIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber( // Check indexes for certificate2 utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) - } func TestHandler_AddDaCert_ForTree(t *testing.T) { @@ -170,7 +181,7 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { // add intermediate x509 certificate addIntermediateX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.IntermediateCertPem, + testIntermediateCertificate.PEM, testconstants.CertSchemaVersion) _, err := setup.Handler(setup.Ctx, addIntermediateX509Cert) require.NoError(t, err) @@ -178,50 +189,46 @@ func TestHandler_AddDaCert_ForTree(t *testing.T) { // add leaf x509 certificate addLeafX509Cert := types.NewMsgAddX509Cert( vendorAccAddress.String(), - testconstants.LeafCertPem, + testLeafCertificate.PEM, testconstants.CertSchemaVersion) _, err = setup.Handler(setup.Ctx, addLeafX509Cert) require.NoError(t, err) // Check indexes for root - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testRootCertificate, indexes) // Check indexes for intermediate - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix, Count: 1}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) // Check indexes for leaf - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } diff --git a/x/pki/tests/handler_assign_vid_test.go b/x/pki/tests/handler_assign_vid_test.go index 40a8913be..fa03d7217 100644 --- a/x/pki/tests/handler_assign_vid_test.go +++ b/x/pki/tests/handler_assign_vid_test.go @@ -38,24 +38,28 @@ func TestHandler_AssignVid_certificateWithoutSubjectVid(t *testing.T) { // DA certificates indexes checks // Check indexes - indexes := []utils.TestIndex{ - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // Check VID is assigned require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificates.Certs[0].Vid) - require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificatesBySubjectKeyId[0].Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.ApprovedCertificatesBySubjectKeyID[0].Certs[0].Vid) require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificates.Certs[0].Vid) - require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificatesBySubjectKeyId[0].Certs[0].Vid) + require.Equal(t, testconstants.Vid, resolvedCertificates.AllCertificatesBySubjectKeyID[0].Certs[0].Vid) } func TestHandler_AssignVid_certificateWithSubjectVid(t *testing.T) { diff --git a/x/pki/tests/handler_remove_noc_ica_cert_test.go b/x/pki/tests/handler_remove_noc_ica_cert_test.go index f2f689daa..a5ad4649a 100644 --- a/x/pki/tests/handler_remove_noc_ica_cert_test.go +++ b/x/pki/tests/handler_remove_noc_ica_cert_test.go @@ -32,29 +32,34 @@ func TestHandler_RemoveNocIntermediateCert(t *testing.T) { // remove intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -68,18 +73,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // add two intermediate certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // add leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -88,15 +94,19 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 4, len(nocCerts[0].Certs)+len(nocCerts[1].Certs)+len(nocCerts[2].Certs)) // Check indexes for intermediate certificates before removing - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist + + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) @@ -104,51 +114,60 @@ func TestHandler_RemoveNocX509IcaCert_BySubjectAndSKID(t *testing.T) { // remove all intermediate certificates but leave leaf certificate (NocCert1 and NocCert1Copy) removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, "", ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // leaf cert with same vid exist + + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) @@ -162,35 +181,38 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add ICA certificates icaCertificate1 := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate1.PEM) // Add ICA certificates with sam subject and SKID but different serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // Add a leaf certificate leafCertificate := utils.CreateTestNocLeafCert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocLeafCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, leafCertificate.PEM) // Check indexes for intermediate certificates before removing - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 2}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 3}, // 2 inter + leaf certs exist + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 2}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocCertificatesKeyPrefix, Count: 2}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 3}, // 2 inter + leaf certs exist + + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) @@ -198,48 +220,56 @@ func TestHandler_RemoveNocX509IcaCert_BySerialNumber(t *testing.T) { // remove ICA certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate1.Subject, + icaCertificate1.SubjectKeyID, + icaCertificate1.SerialNumber, ) _, err := setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) // Check indexes for first certificate (second ica exist) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, // removed - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, // removed + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) // Check indexes for second certificate (all same as for ica1 but also UniqueCertificate exists) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true, Count: 1}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, // ica and leaf cert with same vid exist - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, // all same as for ica1 but also UniqueCertificate exists - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 2}, // ica and leaf cert with same vid exist + {Key: types.UniqueCertificateKeyPrefix}, // all same as for ica1 but also UniqueCertificate exists + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) @@ -251,23 +281,22 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // revoke intermediate certificate by serial number revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, testconstants.Info, false, ) @@ -275,47 +304,54 @@ func TestHandler_RemoveNocX509IcaCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check indexes after revocation - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // remove intermediate certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, ) _, err = setup.Handler(setup.Ctx, removeIcaCert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -326,23 +362,22 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // Add an intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // revoke an intermediate certificate revokeX509Cert := types.NewMsgRevokeNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, - testconstants.NocCert1SerialNumber, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, + icaCertificate.SerialNumber, testconstants.Info, false, ) @@ -350,49 +385,56 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.NoError(t, err) // Check indexes after revocation - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) // Add an intermediate certificate with new serial number icaCertificate2 := utils.CreateTestNocIca1CertCopy() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1Copy) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate2.PEM) // Check indexes - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // we create root certificate as well but ica should not get there - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, // we have evoked cert with same id + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // we create root certificate as well but ica should not get there + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, // we have evoked cert with same id + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // remove an intermediate certificate removeIcaCert := types.NewMsgRemoveNocX509IcaCert( vendorAccAddress.String(), - testconstants.NocCert1Subject, - testconstants.NocCert1SubjectKeyID, + icaCertificate.Subject, + icaCertificate.SubjectKeyID, "", ) _, err = setup.Handler(setup.Ctx, removeIcaCert) @@ -403,20 +445,23 @@ func TestHandler_RemoveNocX509IcaCert_RevokedAndActiveCertificate(t *testing.T) require.Equal(t, 1, len(allCerts)) require.Equal(t, true, allCerts[0].Certs[0].IsRoot) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) @@ -426,16 +471,14 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificate - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + rootCertificate := utils.CreateTestNocRoot1Cert() + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // add first vendor account with VID = 1 - vendorAccAddress1 := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress1, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, testconstants.Vid) + vendorAccAddress1 := setup.CreateVendorAccount(testconstants.Vid) // add ICA certificate by fist vendor account addIcaCert := types.NewMsgAddNocX509IcaCert(vendorAccAddress1.String(), testconstants.NocCert1, testconstants.CertSchemaVersion) @@ -472,7 +515,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { require.Equal(t, 0, len(nocCerts)) // query noc certificate by VID - _, err = utils.QueryNocIcaCertificatesByVid(setup, vid) + _, err = utils.QueryNocIcaCertificatesByVid(setup, testconstants.Vid) require.Equal(t, codes.NotFound, status.Code(err)) // check that unique certificate key is not registered @@ -480,7 +523,7 @@ func TestHandler_RemoveNocX509IcaCert_ByNotOwnerButSameVendor(t *testing.T) { testconstants.NocCert1Issuer, testconstants.NocCert1SerialNumber)) // check that intermediate certificate can not be queried by vid+skid - _, err = utils.QueryNocCertificatesByVidAndSkid(setup, vid, testconstants.NocCert1SubjectKeyID) + _, err = utils.QueryNocCertificatesByVidAndSkid(setup, testconstants.Vid, testconstants.NocCert1SubjectKeyID) require.Error(t, err) require.Equal(t, codes.NotFound, status.Code(err)) } diff --git a/x/pki/tests/handler_remove_noc_root_cert_test.go b/x/pki/tests/handler_remove_noc_root_cert_test.go index e8054f6f5..41a60d77b 100644 --- a/x/pki/tests/handler_remove_noc_root_cert_test.go +++ b/x/pki/tests/handler_remove_noc_root_cert_test.go @@ -24,7 +24,7 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { // add NOC root certificates rootCertificate := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate.PEM) // remove noc root certificate removeIcaCert := types.NewMsgRemoveNocX509RootCert( @@ -37,21 +37,24 @@ func TestHandler_RemoveNocRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -60,19 +63,18 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := setup.CreateVendorAccount(vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) // Add intermediate certificate icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // get certificates for further comparison nocCerts := setup.Keeper.GetAllNocCertificates(setup.Ctx) @@ -97,35 +99,41 @@ func TestHandler_RemoveNocX509RootCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -134,20 +142,18 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { setup := utils.Setup(t) // Add vendor account - vid := testconstants.Vid - vendorAccAddress := utils.GenerateAccAddress() - setup.AddAccount(vendorAccAddress, []dclauthtypes.AccountRole{dclauthtypes.Vendor}, vid) + vendorAccAddress := setup.CreateVendorAccount(testconstants.Vid) // add NOC root certificates rootCertificate1 := utils.CreateTestNocRoot1Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate1.PEM) rootCertificate2 := utils.CreateTestNocRoot2Cert() - utils.AddNocRootCertificate(setup, vendorAccAddress, testconstants.NocRootCert1Copy) + utils.AddNocRootCertificate(setup, vendorAccAddress, rootCertificate2.PEM) // Add ICA certificates icaCertificate := utils.CreateTestNocIca1Cert() - utils.AddNocIntermediateCertificate(setup, vendorAccAddress, testconstants.NocCert1) + utils.AddNocIntermediateCertificate(setup, vendorAccAddress, icaCertificate.PEM) // remove NOC root certificate by serial number removeIcaCert := types.NewMsgRemoveNocX509RootCert( @@ -165,39 +171,46 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { // NocCertificates: Subject and SKID nocCertificates, err := utils.QueryNocCertificates( setup, - testconstants.NocRootCert1CopySubject, - testconstants.NocRootCert1CopySubjectKeyID, + rootCertificate2.Subject, + rootCertificate2.SubjectKeyID, ) require.NoError(t, err) require.Equal(t, 1, len(nocCertificates.Certs)) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) @@ -217,35 +230,41 @@ func TestHandler_RemoveNocX509RootCert_BySerialNumber(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, nocCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -280,16 +299,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.NoError(t, err) // Check indexes for root certificates - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix, Count: 2}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) @@ -298,17 +321,20 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, 2, len(revokedCerts.Certs)) // Check that intermediate certificates does not exist - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) @@ -327,32 +353,38 @@ func TestHandler_RemoveNocX509RootCert_RevokedCertificate(t *testing.T) { require.Equal(t, testconstants.NocCert1SerialNumber, allCerts[0].Certs[0].SerialNumber) // Check indexes for root certificates - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) // Check that intermediate certificates still exist - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } diff --git a/x/pki/tests/handler_remove_pai_cert_test.go b/x/pki/tests/handler_remove_pai_cert_test.go index d5d0f481f..b23a81854 100644 --- a/x/pki/tests/handler_remove_pai_cert_test.go +++ b/x/pki/tests/handler_remove_pai_cert_test.go @@ -45,17 +45,20 @@ func TestHandler_RemoveDaIntermediateCert_BySubjectAndSKID(t *testing.T) { require.Equal(t, 1, len(allCerts)) // Check indexes for intermediate certificate - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } @@ -110,33 +113,41 @@ func TestHandler_RemoveX509Cert_BySubjectAndSKID_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check indexes for intermediate certificate - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - //{Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - //{Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, // leaf cert has same subject - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + // {Key: types.AllCertificatesBySubjectKeyPrefix}, // leaf cert has same subject + // {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, // leaf cert has same subject + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } @@ -185,39 +196,49 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 3, len(allCerts[0].Certs)+len(allCerts[1].Certs)+len(allCerts[2].Certs)) // Check indexes for intermediate certificate 1 - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) // Check indexes for intermediate certificate 2 (all the same but also UniqueCertificate exists) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 2}, // inter + leaf - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 2}, // inter + leaf + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists (same as for intermediate 2, skip check by subject) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{}, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) @@ -236,29 +257,36 @@ func TestHandler_RemoveX509Cert_BySerialNumber_TwoCerts(t *testing.T) { require.Equal(t, 2, len(allCerts[0].Certs)+len(allCerts[1].Certs)) // Check indexes for intermediate certificates - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate2, indexes) // check that leaf certificate exists - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testLeafCertificate, indexes) } @@ -295,17 +323,21 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err := setup.Handler(setup.Ctx, revokeX509Cert) require.NoError(t, err) - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) @@ -319,17 +351,20 @@ func TestHandler_RemoveX509Cert_RevokedCertificate(t *testing.T) { _, err = setup.Handler(setup.Ctx, removeX509Cert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{}, + Missing: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, testIntermediateCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_noc_ica_cert_test.go b/x/pki/tests/handler_revoke_noc_ica_cert_test.go index 40a941a1f..c8242549a 100644 --- a/x/pki/tests/handler_revoke_noc_ica_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_ica_cert_test.go @@ -42,21 +42,25 @@ func TestHandler_RevokeNocIntermediateCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate, indexes) } @@ -102,43 +106,51 @@ func TestHandler_RevokeNocX509Cert_RevokeDefault(t *testing.T) { require.Equal(t, testconstants.NocCert1SubjectKeyID, revokedNocCerts.SubjectKeyId) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true, Count: 2}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true}, // leaf still exists - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix}, // leaf still exists + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) // Check indexes for leaf - indexes = []utils.TestIndex{ - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: true}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: true, Count: 1}, // only leaf exits - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + {Key: types.NocIcaCertificatesKeyPrefix, Count: 1}, // only leaf exits + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } @@ -182,24 +194,49 @@ func TestHandler_RevokeNocX509Cert_RevokeWithChild(t *testing.T) { require.Equal(t, 3, len(allRevokedCerts[0].Certs)+len(allRevokedCerts[1].Certs)) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: true, Count: 1}, // root still exits - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 2}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, icaCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, icaCertificate2, indexes) + + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix, Count: 1}, + {Key: types.NocRootCertificatesKeyPrefix, Count: 1}, // root still exits + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + } utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_noc_root_cert_test.go b/x/pki/tests/handler_revoke_noc_root_cert_test.go index 9da35f4d8..5670eff45 100644 --- a/x/pki/tests/handler_revoke_noc_root_cert_test.go +++ b/x/pki/tests/handler_revoke_noc_root_cert_test.go @@ -44,21 +44,25 @@ func TestHandler_RevokeNoRootCert(t *testing.T) { require.NoError(t, err) // Check indexes - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedNocRootCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.NocCertificatesByVidAndSkidKeyPrefix, Exist: false}, - {Key: types.NocRootCertificatesKeyPrefix, Exist: false}, - {Key: types.NocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedNocIcaCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedNocRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyPrefix}, + {Key: types.NocCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.NocCertificatesByVidAndSkidKeyPrefix}, + {Key: types.NocRootCertificatesKeyPrefix}, + {Key: types.NocIcaCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedNocIcaCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } diff --git a/x/pki/tests/handler_revoke_paa_cert_test.go b/x/pki/tests/handler_revoke_paa_cert_test.go index 718722815..3b0280b75 100644 --- a/x/pki/tests/handler_revoke_paa_cert_test.go +++ b/x/pki/tests/handler_revoke_paa_cert_test.go @@ -41,19 +41,23 @@ func TestHandler_ProposeRevokeDaRootCert(t *testing.T) { require.NoError(t, err) // Check: Certificate is proposed to revoke - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -85,19 +89,23 @@ func TestHandler_ProposeRevokeDaRootCert_ByTrusteeNotOwner(t *testing.T) { require.NoError(t, err) // Check: Certificate is proposed to revoke - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } resolvedCertificates := utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -125,19 +133,23 @@ func TestHandler_RevokeDaRootCert(t *testing.T) { ) // Check state indexes - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -176,34 +188,42 @@ func TestHandler_RevokeDaRootCert_BySubjectAndSkid_WhenTwoCertsWithSameSkidExist ) // Check state indexes - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exists - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, // another cert with same SKID exist - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exists + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, // another cert with same SKID exist + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) // second still exists - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } @@ -241,18 +261,22 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS ) // Check: Certificate1 - RevokedCertificates - present - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true, Count: 1}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Count: 1}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Count: 1}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate1, indexes) utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) @@ -267,18 +291,22 @@ func TestHandler_RevokeDaRootCert_BySerialNumber_WhenTwoCertsWithSameSubjectAndS ) // Check: Certificate1 is revoked - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix, Count: 2}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate2, indexes) } @@ -292,19 +320,23 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { utils.ProposeAndApproveRootCertificate(setup, setup.Trustee1, rootCertOptions) // root exists - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -360,20 +392,24 @@ func TestHandler_RevokeDaRootCert_TwoThirdApprovalsNeeded(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) - indexes = []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.RevokedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.RevokedRootCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) @@ -433,19 +469,23 @@ func TestHandler_RevokeDaRootCert_ForTree(t *testing.T) { _, err = setup.Handler(setup.Ctx, approveRevokeX509RootCert) require.NoError(t, err) - indexes := []utils.TestIndex{ - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.ProposedCertificateKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.RevokedCertificatesKeyPrefix}, + {Key: types.UniqueCertificateKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.ProposedCertificateKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) diff --git a/x/pki/tests/handler_revoke_pai_cert_test.go b/x/pki/tests/handler_revoke_pai_cert_test.go index 0a2fde3f2..cee318fd2 100644 --- a/x/pki/tests/handler_revoke_pai_cert_test.go +++ b/x/pki/tests/handler_revoke_pai_cert_test.go @@ -50,33 +50,41 @@ func TestHandler_RevokeDaIntermediateCert(t *testing.T) { require.NoError(t, err) // Check: Certificate is revoked - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.ProposedCertificateRevocationKeyPrefix, Exist: false}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ProposedCertificateRevocationKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) // Check: Root stays approved - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) } @@ -113,32 +121,40 @@ func TestHandler_RevokeX509Cert_ForTree(t *testing.T) { require.NoError(t, err) // root stays approved - indexes := []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: true}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: true}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: true}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: false}, + indexes := utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.ChildCertificatesKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, rootCertificate, indexes) // intermediate and leaf are revoked - indexes = []utils.TestIndex{ - {Key: types.UniqueCertificateKeyPrefix, Exist: true}, - {Key: types.RevokedCertificatesKeyPrefix, Exist: true}, - {Key: types.AllCertificatesKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyPrefix, Exist: false}, - {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix, Exist: false}, - {Key: types.ApprovedRootCertificatesKeyPrefix, Exist: false}, - {Key: types.ChildCertificatesKeyPrefix, Exist: false}, + indexes = utils.TestIndexes{ + Present: []utils.TestIndex{ + {Key: types.UniqueCertificateKeyPrefix}, + {Key: types.RevokedCertificatesKeyPrefix}, + }, + Missing: []utils.TestIndex{ + {Key: types.AllCertificatesKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyPrefix}, + {Key: types.AllCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedCertificatesKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyPrefix}, + {Key: types.ApprovedCertificatesBySubjectKeyIDKeyPrefix}, + {Key: types.ApprovedRootCertificatesKeyPrefix}, + {Key: types.ChildCertificatesKeyPrefix}, + }, } utils.CheckCertificateStateIndexes(t, setup, intermediateCertificate, indexes) utils.CheckCertificateStateIndexes(t, setup, leafCertificate, indexes) diff --git a/x/pki/tests/test-design.md b/x/pki/tests/test-design.md index 585c9359b..39022d17a 100644 --- a/x/pki/tests/test-design.md +++ b/x/pki/tests/test-design.md @@ -191,6 +191,8 @@ Test cases: * Positive: * Add Noc root certificate: `TestHandler_AddNocRootCert` + * Add two Noc root certificates with same subject/skid but different serial number: + `TestHandler_AddNocRootCert_SameSubjectAndSkid_DifferentSerialNumber` * Negative: * TBD @@ -210,6 +212,8 @@ Test cases: * Positive: * Add Noc intermediate certificate: `TestHandler_AddNocIntermediateCert` + * Add two Noc intermediate certificates with same subject/skid but different serial number: + `TestHandler_AddNocIntermediateCert_SameSubjectAndSkid_DifferentSerialNumber` * Negative: * TBD diff --git a/x/pki/tests/utils/account.go b/x/pki/tests/utils/account.go index 3cb9bb8d9..9c2a30cfe 100644 --- a/x/pki/tests/utils/account.go +++ b/x/pki/tests/utils/account.go @@ -51,7 +51,7 @@ func (setup *TestSetup) AddAccount( ) { dclauthKeeper := setup.DclauthKeeper currentTrusteeCount := 0 - // if the CountAccountsWithRole is present get the value from the mock call + // if the CountAccountsWithRole is Present get the value from the mock call for _, expectedCall := range dclauthKeeper.ExpectedCalls { if expectedCall.Method == "CountAccountsWithRole" { currentTrusteeCount = dclauthKeeper.CountAccountsWithRole(setup.Ctx, dclauthtypes.Trustee) diff --git a/x/pki/tests/utils/certificate_assertions.go b/x/pki/tests/utils/certificate_assertions.go index 45cfa1fea..4b2d294b1 100644 --- a/x/pki/tests/utils/certificate_assertions.go +++ b/x/pki/tests/utils/certificate_assertions.go @@ -15,7 +15,13 @@ type TestIndex struct { Count int } +type TestIndexes struct { + Present []TestIndex + Missing []TestIndex +} + type TestCertificate struct { + PEM string Subject string SubjectKeyID string Issuer string @@ -28,249 +34,263 @@ type TestCertificate struct { type ResolvedCertificate struct { AllCertificates *types.AllCertificates AllCertificatesBySubject *types.AllCertificatesBySubject - AllCertificatesBySubjectKeyId []types.AllCertificates + AllCertificatesBySubjectKeyID []types.AllCertificates ApprovedCertificates *types.ApprovedCertificates ApprovedCertificatesBySubject *types.ApprovedCertificatesBySubject - ApprovedCertificatesBySubjectKeyId []types.ApprovedCertificates + ApprovedCertificatesBySubjectKeyID []types.ApprovedCertificates ApprovedRootCertificates *types.CertificateIdentifier ProposedCertificate *types.ProposedCertificate RejectedCertificate *types.RejectedCertificate ChildCertificates *types.ChildCertificates NocCertificates *types.NocCertificates NocCertificatesBySubject *types.NocCertificatesBySubject - NocCertificatesBySubjectKeyId []types.NocCertificates + NocCertificatesBySubjectKeyID []types.NocCertificates ProposedRevocation *types.ProposedCertificateRevocation + RevokedCertificates *types.RevokedCertificates + RevokedNocIcaCertificates *types.RevokedNocIcaCertificates + RevokedNocRootCertificates *types.RevokedNocRootCertificates } func CheckCertificateStateIndexes( t *testing.T, setup *TestSetup, certificate TestCertificate, - indexes []TestIndex, + indexes TestIndexes, ) ResolvedCertificate { var resolvedCertificate ResolvedCertificate - for _, index := range indexes { + for _, index := range indexes.Present { if index.Key == types.AllCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) - resolvedCertificate.AllCertificates = certificates - } else { - _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) + resolvedCertificate.AllCertificates = certificates } if index.Key == types.AllCertificatesBySubjectKeyPrefix { - if index.Exist { - certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject) - require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.AllCertificatesBySubject = certificatesBySubject - } else { - _, err := QueryAllCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificatesBySubject, _ := QueryAllCertificatesBySubject(setup, certificate.Subject) + require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.AllCertificatesBySubject = certificatesBySubject } if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot) - resolvedCertificate.AllCertificatesBySubjectKeyId = certificateBySubjectKeyID - } else { - certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - } + certificateBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, certificateBySubjectKeyID[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificateBySubjectKeyID[0].Certs[0].IsRoot) + resolvedCertificate.AllCertificatesBySubjectKeyID = certificateBySubjectKeyID } if index.Key == types.ApprovedCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) - resolvedCertificate.ApprovedCertificates = certificates - } else { - _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, certificates.Certs[0].IsRoot) + resolvedCertificate.ApprovedCertificates = certificates } if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { - if index.Exist { - certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject) - require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject - } else { - _, err := QueryApprovedCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificatesBySubject, _ := QueryApprovedCertificatesBySubject(setup, certificate.Subject) + require.Len(t, certificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, certificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.ApprovedCertificatesBySubject = certificatesBySubject } if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, approvedCertificatesBySkid, 1) - require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot) - resolvedCertificate.ApprovedCertificatesBySubjectKeyId = approvedCertificatesBySkid - } else { - certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - } + approvedCertificatesBySkid, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, approvedCertificatesBySkid, 1) + require.Len(t, approvedCertificatesBySkid[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, approvedCertificatesBySkid[0].Certs[0].IsRoot) + resolvedCertificate.ApprovedCertificatesBySubjectKeyID = approvedCertificatesBySkid } if index.Key == types.ApprovedRootCertificatesKeyPrefix { - if index.Exist { - approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, approvedRootCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId) - resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate - } else { - _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + approvedRootCertificate, _ := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, approvedRootCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, approvedRootCertificate.SubjectKeyId) + resolvedCertificate.ApprovedRootCertificates = approvedRootCertificate } if index.Key == types.ProposedCertificateKeyPrefix { - if index.Exist { - proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, proposedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId) - resolvedCertificate.ProposedCertificate = proposedCertificate - } else { - _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + proposedCertificate, _ := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, proposedCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, proposedCertificate.SubjectKeyId) + resolvedCertificate.ProposedCertificate = proposedCertificate } if index.Key == types.RejectedCertificateKeyPrefix { - if index.Exist { - rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, rejectedCertificate.Subject) - require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId) - require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index)) - resolvedCertificate.RejectedCertificate = rejectedCertificate - } else { - _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + rejectedCertificate, _ := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, rejectedCertificate.Subject) + require.Equal(t, certificate.SubjectKeyID, rejectedCertificate.SubjectKeyId) + require.Len(t, rejectedCertificate.Certs, GetExpectedCount(index)) + resolvedCertificate.RejectedCertificate = rejectedCertificate } if index.Key == types.ChildCertificatesKeyPrefix { - if index.Exist { - issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) - require.Len(t, issuerChildren.CertIds, GetExpectedCount(index)) - certID := types.CertificateIdentifier{ - Subject: certificate.Subject, - SubjectKeyId: certificate.SubjectKeyID, - } - require.Equal(t, &certID, issuerChildren.CertIds[0]) - resolvedCertificate.ChildCertificates = issuerChildren - } else { - _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) + issuerChildren, _ := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + require.Len(t, issuerChildren.CertIds, GetExpectedCount(index)) + certID := types.CertificateIdentifier{ + Subject: certificate.Subject, + SubjectKeyId: certificate.SubjectKeyID, } + require.Equal(t, &certID, issuerChildren.CertIds[0]) + resolvedCertificate.ChildCertificates = issuerChildren } if index.Key == types.UniqueCertificateKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsUniqueCertificatePresent( + require.True(t, setup.Keeper.IsUniqueCertificatePresent( setup.Ctx, certificate.Issuer, certificate.SerialNumber)) } if index.Key == types.NocCertificatesKeyPrefix { - if index.Exist { - certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, certificate.Subject, certificates.Subject) - require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) - require.Len(t, certificates.Certs, GetExpectedCount(index)) - resolvedCertificate.NocCertificates = certificates - } else { - _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + certificates, _ := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, certificate.Subject, certificates.Subject) + require.Equal(t, certificate.SubjectKeyID, certificates.SubjectKeyId) + require.Len(t, certificates.Certs, GetExpectedCount(index)) + resolvedCertificate.NocCertificates = certificates } if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { - if index.Exist { - nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Len(t, nocCertificatesBySkid, 1) - require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index)) - require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot) - resolvedCertificate.NocCertificatesBySubjectKeyId = nocCertificatesBySkid - } else { - certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) - require.Empty(t, certificatesBySubjectKeyID) - } + nocCertificatesBySkid, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Len(t, nocCertificatesBySkid, 1) + require.Len(t, nocCertificatesBySkid[0].Certs, GetExpectedCount(index)) + require.Equal(t, certificate.IsRoot, nocCertificatesBySkid[0].Certs[0].IsRoot) + resolvedCertificate.NocCertificatesBySubjectKeyID = nocCertificatesBySkid } if index.Key == types.NocCertificatesBySubjectKeyPrefix { - if index.Exist { - nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject) - require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) - resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject - } else { - _, err := QueryNocCertificatesBySubject(setup, certificate.Subject) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocCertificatesBySubject, _ := QueryNocCertificatesBySubject(setup, certificate.Subject) + require.Len(t, nocCertificatesBySubject.SubjectKeyIds, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0]) + resolvedCertificate.NocCertificatesBySubject = nocCertificatesBySubject } if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { - if index.Exist { - nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) - require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid) - require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index)) - require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) - } else { - _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocCertificatesByVidAndSkid, _ := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) + require.Equal(t, certificate.VID, nocCertificatesByVidAndSkid.Vid) + require.Len(t, nocCertificatesByVidAndSkid.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.SubjectKeyID, nocCertificatesByVidAndSkid.SubjectKeyId) } if index.Key == types.NocRootCertificatesKeyPrefix { - if index.Exist { - nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid) - require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index)) - } else { - _, err := QueryNocRootCertificatesByVid(setup, certificate.VID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocRootCertificatesByVid, _ := QueryNocRootCertificatesByVid(setup, certificate.VID) + require.Equal(t, certificate.VID, nocRootCertificatesByVid.Vid) + require.Len(t, nocRootCertificatesByVid.Certs, GetExpectedCount(index)) } if index.Key == types.NocIcaCertificatesKeyPrefix { - if index.Exist { - nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID) - require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid) - require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index)) - } else { - _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID) - require.Equal(t, codes.NotFound, status.Code(err)) - } + nocIcaCertificatesBy, _ := QueryNocIcaCertificatesByVid(setup, certificate.VID) + require.Equal(t, certificate.VID, nocIcaCertificatesBy.Vid) + require.Len(t, nocIcaCertificatesBy.Certs, GetExpectedCount(index)) } if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocIcaCertificatePresent( - setup.Ctx, certificate.Subject, certificate.SubjectKeyID)) + revokedNocIcaCertificates, _ := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedNocIcaCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedNocIcaCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedNocIcaCertificates.SubjectKeyId) + resolvedCertificate.RevokedNocIcaCertificates = revokedNocIcaCertificates } if index.Key == types.RevokedNocRootCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedNocRootCertificatePresent( - setup.Ctx, certificate.Subject, certificate.SubjectKeyID)) + revokedNocRootCertificates, _ := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedNocRootCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedNocRootCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedNocRootCertificates.SubjectKeyId) + resolvedCertificate.RevokedNocRootCertificates = revokedNocRootCertificates } if index.Key == types.RevokedCertificatesKeyPrefix { - require.Equal(t, index.Exist, setup.Keeper.IsRevokedCertificatePresent( - setup.Ctx, certificate.Subject, certificate.SubjectKeyID)) + revokedCertificates, _ := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Len(t, revokedCertificates.Certs, GetExpectedCount(index)) + require.Equal(t, certificate.Subject, revokedCertificates.Subject) + require.Equal(t, certificate.SubjectKeyID, revokedCertificates.SubjectKeyId) + resolvedCertificate.RevokedCertificates = revokedCertificates } if index.Key == types.ProposedCertificateRevocationKeyPrefix { - if index.Exist { - proposedRevocation, _ := QueryProposedCertificateRevocation( - setup, - certificate.Subject, - certificate.SubjectKeyID, - certificate.SerialNumber, - ) - resolvedCertificate.ProposedRevocation = proposedRevocation - } else { - _, err := QueryProposedCertificateRevocation( - setup, - certificate.Subject, - certificate.SubjectKeyID, - certificate.SerialNumber, - ) - require.Equal(t, codes.NotFound, status.Code(err)) - } + proposedRevocation, _ := QueryProposedCertificateRevocation( + setup, + certificate.Subject, + certificate.SubjectKeyID, + certificate.SerialNumber, + ) + resolvedCertificate.ProposedRevocation = proposedRevocation + } + } + + for _, index := range indexes.Missing { + if index.Key == types.AllCertificatesKeyPrefix { + _, err := QueryAllCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.AllCertificatesBySubjectKeyPrefix { + _, err := QueryAllCertificatesBySubject(setup, certificate.Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.AllCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryAllCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.ApprovedCertificatesKeyPrefix { + _, err := QueryApprovedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ApprovedCertificatesBySubjectKeyPrefix { + _, err := QueryApprovedCertificatesBySubject(setup, certificate.Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ApprovedCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryApprovedCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.ApprovedRootCertificatesKeyPrefix { + _, err := QueryApprovedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ProposedCertificateKeyPrefix { + _, err := QueryProposedCertificate(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RejectedCertificateKeyPrefix { + _, err := QueryRejectedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ChildCertificatesKeyPrefix { + _, err := QueryChildCertificates(setup, certificate.Issuer, certificate.AuthorityKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.UniqueCertificateKeyPrefix { + require.False(t, setup.Keeper.IsUniqueCertificatePresent( + setup.Ctx, certificate.Issuer, certificate.SerialNumber)) + } + if index.Key == types.NocCertificatesKeyPrefix { + _, err := QueryNocCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocCertificatesBySubjectKeyIDKeyPrefix { + certificatesBySubjectKeyID, _ := QueryNocCertificatesBySubjectKeyID(setup, certificate.SubjectKeyID) + require.Empty(t, certificatesBySubjectKeyID) + } + if index.Key == types.NocCertificatesBySubjectKeyPrefix { + _, err := QueryNocCertificatesBySubject(setup, certificate.Subject) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocCertificatesByVidAndSkidKeyPrefix { + _, err := QueryNocCertificatesByVidAndSkid(setup, certificate.VID, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocRootCertificatesKeyPrefix { + _, err := QueryNocRootCertificatesByVid(setup, certificate.VID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.NocIcaCertificatesKeyPrefix { + _, err := QueryNocIcaCertificatesByVid(setup, certificate.VID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedNocIcaCertificatesKeyPrefix { + _, err := QueryNocRevokedIcaCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedNocRootCertificatesKeyPrefix { + _, err := QueryNocRevokedRootCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.RevokedCertificatesKeyPrefix { + _, err := QueryRevokedCertificates(setup, certificate.Subject, certificate.SubjectKeyID) + require.Equal(t, codes.NotFound, status.Code(err)) + } + if index.Key == types.ProposedCertificateRevocationKeyPrefix { + _, err := QueryProposedCertificateRevocation( + setup, + certificate.Subject, + certificate.SubjectKeyID, + certificate.SerialNumber, + ) + require.Equal(t, codes.NotFound, status.Code(err)) } } @@ -282,5 +302,6 @@ func GetExpectedCount(index TestIndex) int { if index.Count == 0 { count = 1 } + return count } diff --git a/x/pki/tests/utils/certificate_helpers.go b/x/pki/tests/utils/certificate_helpers.go index 3e1f824da..95e4501a5 100644 --- a/x/pki/tests/utils/certificate_helpers.go +++ b/x/pki/tests/utils/certificate_helpers.go @@ -37,3 +37,12 @@ func AddMokedDaCertificate( setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) setup.Keeper.StoreDaCertificate(setup.Ctx, certificate, isRoot) } + +func AddMokedNocCertificate( + setup *TestSetup, + certificate types.Certificate, + isRoot bool, +) { + setup.Keeper.SetUniqueCertificate(setup.Ctx, UniqueCertificate(certificate.Issuer, certificate.SerialNumber)) + setup.Keeper.StoreNocCertificate(setup.Ctx, certificate, isRoot) +} diff --git a/x/pki/tests/utils/data.go b/x/pki/tests/utils/data.go index 787a12c97..b9ce9ded8 100644 --- a/x/pki/tests/utils/data.go +++ b/x/pki/tests/utils/data.go @@ -86,8 +86,26 @@ func IntermediateCertificateNoVid(address sdk.AccAddress) types.Certificate { ) } +func NocIntermediateCertificate(address sdk.AccAddress) types.Certificate { + return types.NewNocCertificate( + testconstants.NocCert1, + testconstants.NocCert1Subject, + testconstants.NocCert1SubjectAsText, + testconstants.NocCert1SubjectKeyID, + testconstants.NocCert1SerialNumber, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + testconstants.NocRootCert1Subject, + testconstants.NocRootCert1SubjectKeyID, + address.String(), + testconstants.Vid, + testconstants.SchemaVersion, + ) +} + func CreateTestRootCert() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertPem, Subject: testconstants.RootSubject, SubjectKeyID: testconstants.RootSubjectKeyID, SerialNumber: testconstants.RootSerialNumber, @@ -99,6 +117,7 @@ func CreateTestRootCert() TestCertificate { func CreateTestRootCertWithSameSubject() TestCertificate { return TestCertificate{ + PEM: testconstants.PAACertWithSameSubjectID1, Subject: testconstants.PAACertWithSameSubjectID1Subject, SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubjectSerialNumber, @@ -109,6 +128,7 @@ func CreateTestRootCertWithSameSubject() TestCertificate { func CreateTestRootCertWithSameSubject2() TestCertificate { return TestCertificate{ + PEM: testconstants.PAACertWithSameSubjectID2, Subject: testconstants.PAACertWithSameSubjectID2Subject, SubjectKeyID: testconstants.PAACertWithSameSubjectIDSubjectID, SerialNumber: testconstants.PAACertWithSameSubject2SerialNumber, @@ -119,6 +139,7 @@ func CreateTestRootCertWithSameSubject2() TestCertificate { func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertWithSameSubjectAndSKID1, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.RootCertWithSameSubjectAndSKID1SerialNumber, @@ -130,6 +151,7 @@ func CreateTestRootCertWithSameSubjectAndSkid1() TestCertificate { func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate { return TestCertificate{ + PEM: testconstants.RootCertWithSameSubjectAndSKID2, Subject: testconstants.RootCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.RootCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.RootCertWithSameSubjectAndSKID2SerialNumber, @@ -141,6 +163,7 @@ func CreateTestRootCertWithSameSubjectAndSkid2() TestCertificate { func CreateTestIntermediateCert() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateCertPem, Subject: testconstants.IntermediateSubject, SubjectKeyID: testconstants.IntermediateSubjectKeyID, SerialNumber: testconstants.IntermediateSerialNumber, @@ -152,6 +175,7 @@ func CreateTestIntermediateCert() TestCertificate { func CreateTestIntermediateVidScopedCert() TestCertificate { return TestCertificate{ + PEM: testconstants.PAICertWithNumericPidVid, Subject: testconstants.PAICertWithNumericPidVidSubject, SubjectKeyID: testconstants.PAICertWithNumericPidVidSubjectKeyID, SerialNumber: testconstants.PAICertWithNumericPidVidSerialNumber, @@ -163,6 +187,7 @@ func CreateTestIntermediateVidScopedCert() TestCertificate { func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateWithSameSubjectAndSKID1, Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID1SerialNumber, @@ -174,6 +199,7 @@ func CreateTestIntermediateCertWithSameSubjectAndSKID1() TestCertificate { func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate { return TestCertificate{ + PEM: testconstants.IntermediateWithSameSubjectAndSKID2, Subject: testconstants.IntermediateCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.IntermediateCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.IntermediateCertWithSameSubjectAndSKID2SerialNumber, @@ -185,6 +211,7 @@ func CreateTestIntermediateCertWithSameSubjectAndSKID2() TestCertificate { func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate { return TestCertificate{ + PEM: testconstants.LeafCertWithSameSubjectAndSKID, Subject: testconstants.LeafCertWithSameSubjectAndSKIDSubject, SubjectKeyID: testconstants.LeafCertWithSameSubjectAndSKIDSubjectKeyID, SerialNumber: testconstants.LeafCertWithSameSubjectAndSKIDSerialNumber, @@ -196,6 +223,7 @@ func CreateTestLeafCertWithSameSubjectAndSKID() TestCertificate { func CreateTestLeafCert() TestCertificate { return TestCertificate{ + PEM: testconstants.LeafCertPem, Subject: testconstants.LeafSubject, SubjectKeyID: testconstants.LeafSubjectKeyID, SerialNumber: testconstants.LeafSerialNumber, @@ -207,6 +235,7 @@ func CreateTestLeafCert() TestCertificate { func CreateTestNocRoot1Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocRootCert1, Subject: testconstants.NocRootCert1Subject, SubjectKeyID: testconstants.NocRootCert1SubjectKeyID, SerialNumber: testconstants.NocRootCert1SerialNumber, @@ -219,6 +248,7 @@ func CreateTestNocRoot1Cert() TestCertificate { func CreateTestNocRoot2Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocRootCert1Copy, Subject: testconstants.NocRootCert1CopySubject, SubjectKeyID: testconstants.NocRootCert1CopySubjectKeyID, SerialNumber: testconstants.NocRootCert1CopySerialNumber, @@ -231,6 +261,7 @@ func CreateTestNocRoot2Cert() TestCertificate { func CreateTestNocIca1Cert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocCert1, Subject: testconstants.NocCert1Subject, SubjectKeyID: testconstants.NocCert1SubjectKeyID, SerialNumber: testconstants.NocCert1SerialNumber, @@ -243,6 +274,7 @@ func CreateTestNocIca1Cert() TestCertificate { func CreateTestNocIca1CertCopy() TestCertificate { return TestCertificate{ + PEM: testconstants.NocCert1Copy, Subject: testconstants.NocCert1CopySubject, SubjectKeyID: testconstants.NocCert1CopySubjectKeyID, SerialNumber: testconstants.NocCert1CopySerialNumber, @@ -255,6 +287,7 @@ func CreateTestNocIca1CertCopy() TestCertificate { func CreateTestNocLeafCert() TestCertificate { return TestCertificate{ + PEM: testconstants.NocLeafCert1, Subject: testconstants.NocLeafCert1Subject, SubjectKeyID: testconstants.NocLeafCert1SubjectKeyID, SerialNumber: testconstants.NocLeafCert1SerialNumber, diff --git a/x/pki/types/all_certificates_by_subject_key_id.pb.go b/x/pki/types/all_certificates_by_subject_key_id.pb.go index fa3ddff29..b0332ef84 100644 --- a/x/pki/types/all_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/all_certificates_by_subject_key_id.pb.go @@ -83,7 +83,7 @@ func (m *AllCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyId") + proto.RegisterType((*AllCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.AllCertificatesBySubjectKeyID") } func init() { @@ -223,10 +223,10 @@ func (m *AllCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: wiretype end group for non-group") + return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: AllCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: AllCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/approved_certificates_by_subject_key_id.pb.go b/x/pki/types/approved_certificates_by_subject_key_id.pb.go index 4aebcf970..65df87141 100644 --- a/x/pki/types/approved_certificates_by_subject_key_id.pb.go +++ b/x/pki/types/approved_certificates_by_subject_key_id.pb.go @@ -83,7 +83,7 @@ func (m *ApprovedCertificatesBySubjectKeyId) GetSchemaVersion() uint32 { } func init() { - proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyId") + proto.RegisterType((*ApprovedCertificatesBySubjectKeyId)(nil), "zigbeealliance.distributedcomplianceledger.pki.ApprovedCertificatesBySubjectKeyID") } func init() { @@ -223,10 +223,10 @@ func (m *ApprovedCertificatesBySubjectKeyId) Unmarshal(dAtA []byte) error { fieldNum := int32(wire >> 3) wireType := int(wire & 0x7) if wireType == 4 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: wiretype end group for non-group") + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: wiretype end group for non-group") } if fieldNum <= 0 { - return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyId: illegal tag %d (wire type %d)", fieldNum, wire) + return fmt.Errorf("proto: ApprovedCertificatesBySubjectKeyID: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { case 1: diff --git a/x/pki/types/genesis_test.go b/x/pki/types/genesis_test.go index d3ca9d7e9..24d0867c3 100644 --- a/x/pki/types/genesis_test.go +++ b/x/pki/types/genesis_test.go @@ -218,7 +218,7 @@ AllCertificatesBySubjectList: []types.AllCertificatesBySubject{ Subject: "1", }, }, -AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ +AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, @@ -226,7 +226,7 @@ AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ SubjectKeyId: "1", }, }, -AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ +AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, @@ -551,7 +551,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, @@ -565,7 +565,7 @@ SubjectKeyID: "0", { desc: "duplicated allCertificatesBySubjectKeyId", genState: &types.GenesisState{ - AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{ + AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyID{ { SubjectKeyId: "0", }, diff --git a/x/pki/types/key_all_certificates_by_subject_key_id.go b/x/pki/types/key_all_certificates_by_subject_key_id.go index f04b2fb9e..6ab7d33c2 100644 --- a/x/pki/types/key_all_certificates_by_subject_key_id.go +++ b/x/pki/types/key_all_certificates_by_subject_key_id.go @@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // AllCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all AllCertificatesBySubjectKeyId - AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyId/value/" + AllCertificatesBySubjectKeyIDKeyPrefix = "AllCertificatesBySubjectKeyID/value/" ) // AllCertificatesBySubjectKeyIDKey returns the store key to retrieve a AllCertificatesBySubjectKeyId from the index fields diff --git a/x/pki/types/key_approved_certificates_by_subject_key_id.go b/x/pki/types/key_approved_certificates_by_subject_key_id.go index 587098470..34e842edf 100644 --- a/x/pki/types/key_approved_certificates_by_subject_key_id.go +++ b/x/pki/types/key_approved_certificates_by_subject_key_id.go @@ -6,7 +6,7 @@ var _ binary.ByteOrder const ( // ApprovedCertificatesBySubjectKeyIDKeyPrefix is the prefix to retrieve all ApprovedCertificatesBySubjectKeyId. - ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyId/value/" + ApprovedCertificatesBySubjectKeyIDKeyPrefix = "ApprovedCertificatesBySubjectKeyID/value/" ) // ApprovedCertificatesBySubjectKeyIDKey returns the store key to retrieve a ApprovedCertificatesBySubjectKeyId from the index fields.