diff --git a/integration_tests/cli/pki-revocation-points.sh b/integration_tests/cli/pki-revocation-points.sh index e3abb9893..4940c8e06 100755 --- a/integration_tests/cli/pki-revocation-points.sh +++ b/integration_tests/cli/pki-revocation-points.sh @@ -25,6 +25,18 @@ test_root_cert_path="integration_tests/constants/test_root_cert" test_root_cert_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBDEyNUQ=" test_root_cert_subject_key_id="E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4" +root_cert_with_vid_path="integration_tests/constants/root_cert_with_vid" +root_cert_with_vid_subject="MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" +root_cert_with_vid_subject_key_id="CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31" + +delegator_cert_with_vid_65521_path="integration_tests/constants/intermediate_cert_with_vid_1" +delegator_cert_with_vid_65521_copy_path="integration_tests/constants/intermediate_cert_with_vid_1_copy" +delegator_cert_with_vid_subject_key_id="0E8CE8C8B8AA50BC258556B9B19CC2C7D9C52F17" + +crl_leaf_cert_with_vid_65521_path="integration_tests/constants/leaf_cert_with_vid_65521" +crl_leaf_cert_with_vid_65522_path="integration_tests/constants/leaf_cert_with_vid_65522" +crl_leaf_cert_without_vid_path="integration_tests/constants/leaf_cert_without_vid" + trustee_account="jack" second_trustee_account="alice" third_trustee_account="bob" @@ -35,6 +47,8 @@ third_trustee_account_address=$(echo $passphrase | dcld keys show bob -a) label="label" label_pai="label_pai" +label_leaf="label_leaf" +label_leaf_with_delegator="label_leaf_with_delegator" vid=65521 vid_65522=65522 vid_non_vid_scoped=4701 
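Review bot: `delegator_cert_with_vid_subject_key_id` is written as bare hex while `root_cert_with_vid_subject_key_id`, added three lines above it, uses the colon-separated form, and nothing in the hunk says which command expects which. Judging by the calls added later in this file, `--subject-key-id` receives the colon form and `--issuer-subject-key-id` the bare form. A comment above the delegator variable would keep the two from being swapped, for example `# issuer-subject-key-id is passed as uppercase hex without colons`.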
@@ -137,6 +151,12 @@ check_response "$result" "\"code\": 0" result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id" --from $second_trustee_account --yes) check_response "$result" "\"code\": 0" +echo "Trustees add VID scoped root cert" +result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_with_vid_path" --vid $vid --from $trustee_account --yes) +check_response "$result" "\"code\": 0" +result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_with_vid_subject" --subject-key-id="$root_cert_with_vid_subject_key_id" --from $second_trustee_account --yes) +check_response "$result" "\"code\": 0" + test_divider echo "7. ADD REVOCATION POINT FOR PAA WHEN CRL SIGNER CERTIFICATE PEM VALUE IS NOT EQUAL TO STORED CERTIFICATE PEM VALUE" 
@@ -255,7 +275,72 @@ response_does_not_contain "$result" "\"label\": \"$vid_non_vid_scoped\"" test_divider -echo "12. UPDATE REVOCATION POINT WHEN POINT NOT FOUND" +echo "12. ADD REVOCATION POINT FOR CRL LEAF CERTIFICATE WHEN DELEGATOR CERTIFICATE IS PROVIDED" + +result=$(dcld tx pki add-revocation-point --vid=$vid --is-paa="false" --certificate="$crl_leaf_cert_with_vid_65521_path" --label="$label_leaf_with_delegator" --data-url="$data_url" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --revocation-type=1 --certificate-delegator="$delegator_cert_with_vid_65521_path" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" + +result=$(dcld query pki revocation-point --vid=$vid --label=$label_leaf_with_delegator --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"label\": \"$label_leaf_with_delegator\"" +check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\"" + +echo $result + +test_divider + +echo "13. 
ADD REVOCATION POINT FOR CRL LEAF CERTIFICATE WHEN IS_PAA=TRUE" + +echo "Add PAI certificate" +result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$delegator_cert_with_vid_65521_path" --from $vendor_account --yes) +check_response "$result" "\"code\": 0" + +echo "Add PKI revocation point with IS_PAA=true" +result=$(dcld tx pki add-revocation-point --vid=$vid_65522 --is-paa="true" --certificate="$crl_leaf_cert_without_vid_path" --label="$label_leaf" --data-url="$data_url" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --revocation-type=1 --from=$vendor_account_65522 --yes) +check_response "$result" "\"code\": 0" + +result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_leaf --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id) +check_response "$result" "\"vid\": $vid_65522" +check_response "$result" "\"label\": \"$label_leaf\"" +check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\"" +echo $result + +test_divider + +echo "14. 
UPDATE REVOCATION POINT FOR CRL LEAF CERTIFICATE WHEN DELEGATOR CERTIFICATE IS PROVIDED" +data_url_new="$data_url"_new +result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$crl_leaf_cert_with_vid_65521_path" --label="$label_leaf_with_delegator" --data-url="$data_url_new" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --certificate-delegator="$delegator_cert_with_vid_65521_copy_path" --from=$vendor_account --yes) +check_response "$result" "\"code\": 0" +echo $result + +result=$(dcld query pki revocation-point --vid=$vid --label=$label_leaf_with_delegator --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id) +check_response "$result" "\"vid\": $vid" +check_response "$result" "\"label\": \"$label_leaf_with_delegator\"" +check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\"" +check_response "$result" "\"dataURL\": \"$data_url_new\"" +check_response "$result" "\"CrlSignerCertificate\": $(<$crl_leaf_cert_with_vid_65521_path)" +check_response "$result" "\"CrlSignerDelegator\": $(<$delegator_cert_with_vid_65521_copy_path)" +echo $result + +test_divider + +echo "15. 
UPDATE REVOCATION POINT FOR CRL LEAF CERTIFICATE" +result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$crl_leaf_cert_with_vid_65522_path" --label="$label_leaf" --data-url="$data_url_new" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --from=$vendor_account_65522 --yes) +check_response "$result" "\"code\": 0" +echo $result + +result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_leaf --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id) +check_response "$result" "\"vid\": $vid_65522" +check_response "$result" "\"label\": \"$label_leaf\"" +check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\"" +check_response "$result" "\"dataURL\": \"$data_url_new\"" +check_response "$result" "\"CrlSignerCertificate\": $(<$crl_leaf_cert_with_vid_65522_path)" + +echo $result + +test_divider + +echo "16. UPDATE REVOCATION POINT WHEN POINT NOT FOUND" result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes) response_does_not_contain "$result" "\"code\": 0" @@ -263,7 +348,7 @@ echo $result test_divider -echo "13. UPDATE REVOCATION POINT FOR PAA WHEN NEW CERT IS NOT PAA" +echo "17. UPDATE REVOCATION POINT FOR PAA WHEN NEW CERT IS NOT PAA" result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes) response_does_not_contain "$result" "\"code\": 0" 
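Review bot: Case 13 expects `"code": 0` for a revocation point sent by `$vendor_account_65522` with `--vid=$vid_65522` and `--is-paa="true"`, although the signer `leaf_cert_without_vid` is a leaf certificate and appears to be issued under the PAI that the same case adds from `$vendor_account`, whose path variable is named for VID 65521. If accepting a signer issued under another vendor's PAI is the intended rule, a comment above the case should state it; if not, the assertion should be `response_does_not_contain "$result" "\"code\": 0"`. Cases 12 to 15 also cover only success paths, so the two chain errors this commit adds in types/pki/errors.go are never triggered here; a case that passes a `--certificate-delegator` which did not issue the leaf would cover them. The handler is outside this view, so the intended rule is inferred from the test alone.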
@@ -271,7 +356,7 @@ echo $result test_divider -echo "14. UPDATE REVOCATION POINT WHEN SENDER IS NOT VENDOR" +echo "18. UPDATE REVOCATION POINT WHEN SENDER IS NOT VENDOR" result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$trustee_account --yes) response_does_not_contain "$result" "\"code\": 0" @@ -279,7 +364,7 @@ echo $result test_divider -echo "15. UPDATE REVOCATION POINT FOR PAA WHEN SENDER VID IS NOT EQUAL TO CERT VID" +echo "19. UPDATE REVOCATION POINT FOR PAA WHEN SENDER VID IS NOT EQUAL TO CERT VID" result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes) response_does_not_contain "$result" "\"code\": 0" @@ -287,7 +372,7 @@ echo $result test_divider -echo "16. UPDATE REVOCATION POINT FOR PAA WHEN MSG VID IS NOT EQUAL TO CERT VID" +echo "20. UPDATE REVOCATION POINT FOR PAA WHEN MSG VID IS NOT EQUAL TO CERT VID" result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes) response_does_not_contain "$result" "\"code\": 0" @@ -295,7 +380,7 @@ echo $result test_divider -echo "17. UPDATE REVOCATION POINT FOR VID-SCOPED PAA" +echo "21. UPDATE REVOCATION POINT FOR VID-SCOPED PAA" schema_version_3=3 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$root_cert_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --schemaVersion=$schema_version_3 --from=$vendor_account --yes) check_response "$result" "\"code\": 0" 
@@ -309,7 +394,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" check_response "$result" "\"schemaVersion\": $schema_version_3" test_divider -echo "18. UPDATE REVOCATION POINT FOR NON-VID SCOPED PAA" +echo "22. UPDATE REVOCATION POINT FOR NON-VID SCOPED PAA" result=$(dcld tx pki update-revocation-point --vid=$vid_non_vid_scoped --certificate="$test_root_cert_path" --label="$label_non_vid_scoped" --data-url="$data_url_non_vid_scoped" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_non_vid_scoped --yes) check_response "$result" "\"code\": 0" @@ -323,7 +408,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" test_divider -echo "19. UPDATE REVOCATION POINT FOR PAI" +echo "23. UPDATE REVOCATION POINT FOR PAI" result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_vid_path" --label="$label_pai" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes) check_response "$result" "\"code\": 0" @@ -337,7 +422,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\"" test_divider -echo "20. DELETE REVOCATION PAA" +echo "24. DELETE REVOCATION PAA" result=$(dcld tx pki delete-revocation-point --vid=$vid --label="$label" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes) check_response "$result" "\"code\": 0" @@ -348,7 +433,7 @@ check_response "$result" "Not Found" test_divider -echo "21. DELETE REVOCATION PAI" +echo "25. DELETE REVOCATION PAI" result=$(dcld tx pki delete-revocation-point --vid=$vid_65522 --label="$label_pai" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes) check_response "$result" "\"code\": 0" diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go index 1c45ac443..71c5afc94 100644 --- a/integration_tests/constants/constants.go +++ b/integration_tests/constants/constants.go 
@@ -561,37 +561,91 @@ HGBcCo5whZU= -----END CERTIFICATE-----` IntermediateCertWithVid1 = `-----BEGIN CERTIFICATE----- -MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP +MIICiTCCAi+gAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD -DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy -NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV +DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy +NzA2MDcxMloYDzMwMjMwNzI5MDYwNzEyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7 -1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME -GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ -sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP -T/SKbO+GZvoizizl6Gc= +1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME +GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIQCy8SeF6UXIGM+0X6fc5tqSrgAQ1nCN5cvsWyfZvH0y9wIgQ45S +TXQomsOa4eHQpJzsY/JQqprA0FapY1nsvL+PQFg= -----END CERTIFICATE-----` IntermediateCertWithVid2 = `-----BEGIN CERTIFICATE----- -MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP +MIICiDCCAi+gAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD -DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy -NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV +DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy 
+NzE1MzQxMVoYDzMwMjMwNzI5MTUzNDExWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7 -1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME -GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx -PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV -M6mDL6NurBAW1pJlg8OT +1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME +GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0cAMEQCIHkhL7r/xEi16827IYysHe0w8X0rsbU5zcHcbK1wt0ALAiASEZMI +NN1ZIQJHBjCm+vWh3Jsjt2wUHKIM5i64Wd9kPA== +-----END CERTIFICATE-----` + + LeafCertWithVid = `-----BEGIN CERTIFICATE----- +MIICrjCCAlSgAwIBAgIUBCg+BsyaPLK2sNxttFUIbDF/FPAwCgYIKoZIzj0EAwIw +ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3 +IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu +ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC +onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAyNDI1 +WhgPMzAyMzA3MjgxMDI0MjVaMIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3 +IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRo +IFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4 +YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABNk/8AZJsYEd7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCX +SSr2SwDHbkRvMbp5cfFt9uyNc0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwj +dAkKQAvNOWVT8Xaw9TAfBgNVHSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAM +BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEA +nAoa731+XkR5/0XaESqHG40IZysduxN8sJo2sJpPvvwCICGn7oAwDmQh0umEJ6dK +Vtv3RJ9iuKtC/fkzUzhv9c0z +-----END CERTIFICATE-----` + + LeafCertWithVidPid = `-----BEGIN CERTIFICATE----- 
+MIICzDCCAnKgAwIBAgIUG6W5A5QhAdUKiVAG9yo5VrndE2IwCgYIKoZIzj0EAwIw +ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3 +IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu +ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC +onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAzNTI4 +WhgPMzAyMzA3MjgxMDM1MjhaMIG4MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3 +IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSIwIAYDVQQKDBlDUkwtbGVhZiB3aXRo +IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD +DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYB +BAGConwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNk/8AZJsYEd +7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCXSSr2SwDHbkRvMbp5cfFt9uyN +c0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwjdAkKQAvNOWVT8Xaw9TAfBgNV +HSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAMBgNVHRMBAf8EAjAAMA4GA1Ud +DwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEAhs/qxSBUSsRdqXfC8tQlPIPU +CNbAI81hYOHbiOx6fD0CIFz63D+Ug7xurPSqAPHoTAY6MhseK4IrbAjKRPA0sQl5 +-----END CERTIFICATE-----` + + LeafCertWithoutVidPid = `-----BEGIN CERTIFICATE----- +MIICozCCAkmgAwIBAgIUDXi3VEZsSRTrSqZuIqDWX0Ar4egwCgYIKoZIzj0EAwIw +ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3 +IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu +ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC +onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTEwNjIz +WhgPMzAyMzA3MjgxMTA2MjNaMIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3 +IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo +b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZ +P/AGSbGBHe5AVQ7+XPjJuJDbLsjBdXflEzk5abbAs8eGMC5Ql0kq9ksAx25EbzG6 +eXHxbfbsjXNE8d21Vcj1o2AwXjAdBgNVHQ4EFgQU1pgmEL6sI3QJCkALzTllU/F2 +sPUwHwYDVR0jBBgwFoAUDozoyLiqULwlhVa5sZzCx9nFLxcwDAYDVR0TAQH/BAIw +ADAOBgNVHQ8BAf8EBAMCAYIwCgYIKoZIzj0EAwIDSAAwRQIhAPIzS2Tlov+9/R6U +fJhEWAA8mOgN9OVCdPWAegWuN3b2AiApXciu/dT4B5db3puPWrAsMjAUYF2Owc/D 
+eujhLsD51w== -----END CERTIFICATE-----` RootIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" @@ -613,12 +667,13 @@ M6mDL6NurBAW1pJlg8OT LeafCertWithSameSubjectAndSKIDSubjectKeyID = "12:16:55:8E:5E:2A:DF:04:D7:E6:FE:D1:53:69:61:98:EF:17:2F:03" LeafCertWithSameSubjectAndSKIDSerialNumber = "5" - IntermediateIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" - IntermediateAuthorityKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" - IntermediateSubject = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" - IntermediateSubjectAsText = "O=intermediate-ca,ST=some-state,C=AU" - IntermediateSubjectKeyID = "4E:3B:73:F4:70:4D:C2:98:0D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B" - IntermediateSerialNumber = "169917617234879872371588777545667947720450185023" + IntermediateIssuer = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh" + IntermediateAuthorityKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB" + IntermediateSubject = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" + IntermediateSubjectAsText = "O=intermediate-ca,ST=some-state,C=AU" + IntermediateSubjectKeyID = "4E:3B:73:F4:70:4D:C2:98:0D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B" + IntermediateSubjectKeyIDWithoutColumns = "4E3B73F4704DC2980DDBC85A5F023BBF8625562B" + IntermediateSerialNumber = "169917617234879872371588777545667947720450185023" LeafIssuer = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E=" LeafAuthorityKeyID = "4E:3B:73:F4:70:4D:C2:98:D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B" 
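Review bot: `IntermediateSubjectKeyIDWithoutColumns` misnames what it holds: the value is the subject key ID with the colons removed, so the suffix should be `WithoutColons`, as in `IntermediateSubjectKeyIDWithoutColons = "4E3B73F4704DC2980DDBC85A5F023BBF8625562B"`. The same suffix appears on `RootCertWithVidSubjectKeyIDWithoutColumns` and `IntermediateCertWithVid1SubjectKeyIDWithoutColumns` in the next hunk of this file. Renaming all three now, before more callers depend on them, keeps the change small. The const block opens outside the hunk.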
@@ -657,16 +712,39 @@ M6mDL6NurBAW1pJlg8OT TestCertPemVid = 4701 - RootCertWithVidSubject = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" - RootCertWithVidSubjectKeyID = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31" - RootCertWithVidVid = 65521 + RootCertWithVidSubject = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=" + RootCertWithVidSubjectKeyID = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31" + RootCertWithVidSubjectKeyIDWithoutColumns = "CEA89266EAE080BD2BB568E40B07C4FA2C346D31" + RootCertWithVidVid = 65521 - IntermediateCertWithVid1Subject = "MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx" - IntermediateCertWithVid1SubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17" - IntermediateCertWithVid1SerialNumber = "3" - IntermediateCertWithVid1Vid = 65521 + IntermediateCertWithVid1Subject = "MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx" + IntermediateCertWithVid1SubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17" + IntermediateCertWithVid1SubjectKeyIDWithoutColumns = "0E8CE8C8B8AA50BC258556B9B19CC2C7D9C52F17" + IntermediateCertWithVid1SerialNumber = "3" + IntermediateCertWithVid1Vid = 65521 IntermediateCertWithVid2SubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17" 
IntermediateCertWithVid2SerialNumber = "4" IntermediateCertWithVid2Vid = 65522 + + LeafCertWithVidSubject = "MIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRoIFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMQ==" + LeafCertWithVidSubjectAsText = "CN=www.example.com,OU=Testing Division,O=CRL-leaf with VID,L=New York,ST=New York,C=US,vid=0xFFF1" + LeafCertWithVidSubjectKeyID = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5" + LeafCertWithVidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID + LeafCertWithVidSerialNumber = "23733396166621909643583307546615137635389084912" + LeafCertWithVidVid = 65521 + + LeafCertWithVidPidSubject = "MIG4MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSIwIAYDVQQKDBlDUkwtbGVhZiB3aXRoIFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwERkZGMQ==" + LeafCertWithVidPidSubjectAsText = "CN=www.example.com,OU=Testing Division,O=CRL-leaf with VID and PID,L=New York,ST=New York,C=US,pid=0xFFF1,vid=0xFFF1" + LeafCertWithVidPidSubjectKeyID = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5" + LeafCertWithVidPidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID + LeafCertWithVidPidSerialNumber = "157838490760642822714861562571853387507185816418" + LeafCertWithVidPidVid = 65521 + LeafCertWithVidPidPid = 65521 + + LeafCertWithoutVidPidSubject = "MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRob3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20=" + LeafCertWithoutVidPidSubjectAsText = "CN=www.example.com,OU=Testing Division,O=CRL-leaf without VID and PID,L=New York,ST=New York,C=US" + LeafCertWithoutVidPidSubjectKeyID = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5" + 
LeafCertWithoutVidPidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID + LeafCertWithoutVidPidSerialNumber = "76908939670186132114931832808683834138281370088" ) diff --git a/integration_tests/constants/intermediate_cert_with_vid_1 b/integration_tests/constants/intermediate_cert_with_vid_1 index 41e40b049..2a8e9b086 100644 --- a/integration_tests/constants/intermediate_cert_with_vid_1 +++ b/integration_tests/constants/intermediate_cert_with_vid_1 @@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP +MIICiTCCAi+gAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD -DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy -NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV +DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy +NzA2MDcxMloYDzMwMjMwNzI5MDYwNzEyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7 -1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME -GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ -sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP -T/SKbO+GZvoizizl6Gc= +1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME +GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIQCy8SeF6UXIGM+0X6fc5tqSrgAQ1nCN5cvsWyfZvH0y9wIgQ45S +TXQomsOa4eHQpJzsY/JQqprA0FapY1nsvL+PQFg= -----END CERTIFICATE----- \ No newline at end of file 
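Review bot: `LeafCertWithVidSubjectKeyID`, `LeafCertWithVidPidSubjectKeyID` and `LeafCertWithoutVidPidSubjectKeyID` are the same literal, and the two `IntermediateCertWithVid*SubjectKeyID` constants beside them are also identical to each other, yet nothing says the collision is deliberate. A test that looks a certificate up by subject key ID alone cannot tell these fixtures apart, which matters for revocation checks keyed on issuer and key ID. A comment above the leaf group would record the intent, for example `// The three CRL-leaf fixtures reuse one key pair and therefore one SubjectKeyID; distinguish them by subject or serial number.` The key reuse is inferred from the matching key IDs and PEM bodies, so confirm it against how the fixtures were generated.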
diff --git a/integration_tests/constants/intermediate_cert_with_vid_1_copy b/integration_tests/constants/intermediate_cert_with_vid_1_copy
new file mode 100644
index 000000000..499a9e4b5
--- /dev/null
+++ b/integration_tests/constants/intermediate_cert_with_vid_1_copy
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnTCCAkKgAwIBAgIUD05hvGL08UmRJivrVoLd/raw9gswCgYIKoZIzj0EAwIw
+gZgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTAgFw0yNDAzMjcxNTQyNDBaGA8zMDIzMDcyOTE1NDI0MFowga4x
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlv
+cmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBE
+aXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGConwC
+AQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAATkzYfLtuwp0RnY9BtP89KKPa7CnKYFKIEPH2GBIP0ApWBRyboRW39T
+PlXXjEnG5ZabeJBh9ooe2lNW+9Y0ZFbMo1AwTjAdBgNVHQ4EFgQUDozoyLiqULwl
+hVa5sZzCx9nFLxcwHwYDVR0jBBgwFoAUzqiSZurggL0rtWjkCwfE+iw0bTEwDAYD
+VR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAl/iTG29rwOctwFeMaHgTodgd
+DYLiKs1zgIKJhrFxgkICIQCGd/dl4uGHg4bHO9ip46oMrsTs0OZNtEYx9df8AG7w
+IA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/intermediate_cert_with_vid_2 b/integration_tests/constants/intermediate_cert_with_vid_2
index f3397aa54..ffbf0b90d 100644
--- a/integration_tests/constants/intermediate_cert_with_vid_2
+++ b/integration_tests/constants/intermediate_cert_with_vid_2
@@ -1,16 +1,16 @@ -----BEGIN CERTIFICATE----- -MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP +MIICiDCCAi+gAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD -DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy -NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV +DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy +NzE1MzQxMVoYDzMwMjMwNzI5MTUzNDExWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7 -1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME -GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx -PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV -M6mDL6NurBAW1pJlg8OT +1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME +GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0cAMEQCIHkhL7r/xEi16827IYysHe0w8X0rsbU5zcHcbK1wt0ALAiASEZMI +NN1ZIQJHBjCm+vWh3Jsjt2wUHKIM5i64Wd9kPA== -----END CERTIFICATE----- \ No newline at end of file diff --git a/integration_tests/constants/leaf_cert_with_vid_65521 b/integration_tests/constants/leaf_cert_with_vid_65521 new file mode 100644 index 000000000..01cefbc6c --- /dev/null +++ b/integration_tests/constants/leaf_cert_with_vid_65521 
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAlSgAwIBAgIUBCg+BsyaPLK2sNxttFUIbDF/FPAwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAyNDI1
+WhgPMzAyMzA3MjgxMDI0MjVaMIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRo
+IFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4
+YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABNk/8AZJsYEd7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCX
+SSr2SwDHbkRvMbp5cfFt9uyNc0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwj
+dAkKQAvNOWVT8Xaw9TAfBgNVHSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAM
+BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEA
+nAoa731+XkR5/0XaESqHG40IZysduxN8sJo2sJpPvvwCICGn7oAwDmQh0umEJ6dK
+Vtv3RJ9iuKtC/fkzUzhv9c0z
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/leaf_cert_with_vid_65522 b/integration_tests/constants/leaf_cert_with_vid_65522
new file mode 100644
index 000000000..e1fa2e5a0
--- /dev/null
+++ b/integration_tests/constants/leaf_cert_with_vid_65522
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuTCCAl+gAwIBAgIUJ8QWVXvctSk1w7hRdtLIvrgglgAwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI3MTI1MDI3
+WhgPMzAyMzA3MjkxMjUwMjdaMIGlMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo
+b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD
+VQQDDA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAE2T/wBkmxgR3uQFUO/lz4ybiQ2y7IwXV35RM5
+OWm2wLPHhjAuUJdJKvZLAMduRG8xunlx8W327I1zRPHdtVXI9aNgMF4wHQYDVR0O
+BBYEFNaYJhC+rCN0CQpAC805ZVPxdrD1MB8GA1UdIwQYMBaAFA6M6Mi4qlC8JYVW
+ubGcwsfZxS8XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgGCMAoGCCqGSM49
+BAMCA0gAMEUCIQCqGZtCl5fCQf9KIAl6rOE9Xegf/NZAtrJoVmDfJ8yFbgIgZXBs
+CBffM8rd8twMhqjhovJDeDRYSbYeWq8mgdLkycc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/leaf_cert_without_vid b/integration_tests/constants/leaf_cert_without_vid
new file mode 100644
index 000000000..be68beed4
--- /dev/null
+++ b/integration_tests/constants/leaf_cert_without_vid
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICozCCAkmgAwIBAgIUDXi3VEZsSRTrSqZuIqDWX0Ar4egwCgYIKoZIzj0EAwIw +ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3 +IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu +ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC +onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTEwNjIz +WhgPMzAyMzA3MjgxMTA2MjNaMIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3 +IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo +b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD +VQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZ +P/AGSbGBHe5AVQ7+XPjJuJDbLsjBdXflEzk5abbAs8eGMC5Ql0kq9ksAx25EbzG6 +eXHxbfbsjXNE8d21Vcj1o2AwXjAdBgNVHQ4EFgQU1pgmEL6sI3QJCkALzTllU/F2 +sPUwHwYDVR0jBBgwFoAUDozoyLiqULwlhVa5sZzCx9nFLxcwDAYDVR0TAQH/BAIw +ADAOBgNVHQ8BAf8EBAMCAYIwCgYIKoZIzj0EAwIDSAAwRQIhAPIzS2Tlov+9/R6U +fJhEWAA8mOgN9OVCdPWAegWuN3b2AiApXciu/dT4B5db3puPWrAsMjAUYF2Owc/D +eujhLsD51w== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/proto/pki/pki_revocation_distribution_point.proto b/proto/pki/pki_revocation_distribution_point.proto index 7818ab4e2..6b7338e7f 100644 --- a/proto/pki/pki_revocation_distribution_point.proto +++ b/proto/pki/pki_revocation_distribution_point.proto @@ -16,5 +16,6 @@ message PkiRevocationDistributionPoint { uint32 dataDigestType = 10; uint32 revocationType = 11; uint32 schemaVersion = 12; + string crlSignerDelegator = 13; } diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto index c16050eb0..ea750f404 100644 --- a/proto/pki/tx.proto +++ b/proto/pki/tx.proto 
@@ -131,6 +131,7 @@ message MsgAddPkiRevocationDistributionPoint { uint32 dataDigestType = 11; uint32 revocationType = 12 [(gogoproto.moretags) = "validate:\"required\""]; uint32 schemaVersion = 13 [(gogoproto.moretags) = "validate:\"gte=0,lte=65535\""]; + string crlSignerDelegator = 14 [(gogoproto.moretags) = "validate:\"max=10485760\""]; } message MsgAddPkiRevocationDistributionPointResponse { @@ -147,6 +148,7 @@ message MsgUpdatePkiRevocationDistributionPoint { string dataDigest = 8; uint32 dataDigestType = 9; uint32 schemaVersion = 10 [(gogoproto.moretags) = "validate:\"gte=0,lte=65535\""]; + string crlSignerDelegator = 11 [(gogoproto.moretags) = "validate:\"max=10485760\""]; } message MsgUpdatePkiRevocationDistributionPointResponse { diff --git a/types/pki/errors.go b/types/pki/errors.go index 407128a66..66782cbe7 100644 --- a/types/pki/errors.go +++ b/types/pki/errors.go @@ -49,6 +49,8 @@ var ( ErrCertNotChainedBack = sdkerrors.Register(ModuleName, 438, "Certificate is not chained back to a root certificate on DCL") ErrCertVidNotEqualAccountVid = sdkerrors.Register(ModuleName, 439, "account's vid is not equal to certificate vid") ErrCertVidNotEqualToRootVid = sdkerrors.Register(ModuleName, 440, "certificate's vid is not equal to vid of root certificate ") + ErrCRLSignerCertificateInvalidFormat = sdkerrors.Register(ModuleName, 441, "CRLSignerCertificate pid does not equal message pid") + ErrInvalidAuthorityKeyIDFormat = sdkerrors.Register(ModuleName, 442, "CRLSignerCertificate pid does not equal message pid") ) func NewErrUnauthorizedRole(transactionName string, requiredRole types.AccountRole) error { 
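Review bot: In the `types/pki/errors.go` hunk, both new registrations (codes 441 and 442) carry the description "CRLSignerCertificate pid does not equal message pid", which looks copied from another entry and describes neither error. A client that sees only the registered description would be told about a pid mismatch when the actual failure is a malformed CRL signer certificate or a missing authority key id. I would register them as `sdkerrors.Register(ModuleName, 441, "CRL signer certificate has invalid format")` and `sdkerrors.Register(ModuleName, 442, "invalid authority key id format")`.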
@@ -231,6 +233,13 @@ func NewErrRootCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) erro rootVID, accountVID) } +func NewErrCRLSignerCertificateInvalidFormat() error { + return sdkerrors.Wrapf( + ErrCRLSignerCertificateInvalidFormat, + "Invalid CRL Signer Certificate format", + ) +} + func NewErrCRLSignerCertificatePidNotEqualMsgPid(certificatePid int32, messagePid int32) error { return sdkerrors.Wrapf( ErrCRLSignerCertificatePidNotEqualMsgPid, @@ -296,6 +305,14 @@ func NewErrWrongSubjectKeyIDFormat() error { ) } +func NewErrInvalidAuthorityKeyIDFormat() error { + return sdkerrors.Wrapf( + ErrInvalidAuthorityKeyIDFormat, + "Invalid AuthorityKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), "+ + "with no whitespace and no non-hexadecimal characters", + ) +} + func NewErrVidNotFound(e interface{}) error { return sdkerrors.Wrapf(ErrVidNotFound, "%v", e) @@ -387,3 +404,11 @@ func NewErrCertificateVidNotEqualMsgVid(e interface{}) error { func NewErrCertNotChainedBack() error { return sdkerrors.Wrapf(ErrCertNotChainedBack, "CRL Signer Certificate is not chained back to root certificate on DCL") } + +func NewErrCRLSignerCertNotChainedBackToDelegator() error { + return sdkerrors.Wrapf(ErrCertNotChainedBack, "CRL Signer Certificate is not chained back to delegated PAI CRL Signer certificate") +} + +func NewErrCRLSignerCertDelegatorNotChainedBack() error { + return sdkerrors.Wrapf(ErrCertNotChainedBack, "Delegated CRL Signer Certificate is not chained back to root certificate on DCL") +} diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts index e76620458..c1ab351c9 100644 
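Review bot: `NewErrCRLSignerCertNotChainedBackToDelegator` and `NewErrCRLSignerCertDelegatorNotChainedBack` both wrap `ErrCertNotChainedBack`, so the two delegation failures differ only in their message text. The negative cases added to handler_add_revocation_test.go assert only that sentinel, so a handler that ran the two checks in the wrong order, or skipped one of them, would still pass. Either give each failure its own registered error or have the tests also match the message. Separately, `NewErrCRLSignerCertificateInvalidFormat` calls `sdkerrors.Wrapf` with a constant string and no arguments, where `sdkerrors.Wrap` would do.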
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts @@ -43,6 +43,9 @@ export interface PkiRevokedNocRootCertificates { subject?: string; subjectKeyId?: string; certs?: PkiCertificate[]; + + /** @format int64 */ + schemaVersion?: number; } export interface PkiCertificate { @@ -141,8 +144,10 @@ export interface PkiPkiRevocationDistributionPoint { /** @format int64 */ revocationType?: number; - /** @format int64 */ - schemaVersion?: number; + /** @format int64 */ + schemaVersion?: number; + + crlSignerDelegator?: string; } export interface PkiPkiRevocationDistributionPointsByIssuerSubjectKeyID { diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts index 4b44bb783..82c9f9783 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts @@ -17,6 +17,7 @@ export interface PkiRevocationDistributionPoint { dataDigestType: number revocationType: number schemaVersion: number + crlSignerDelegator: string } const basePkiRevocationDistributionPoint: object = { 
@@ -31,7 +32,8 @@ const basePkiRevocationDistributionPoint: object = { dataDigest: '', dataDigestType: 0, revocationType: 0, - schemaVersion: 0 + schemaVersion: 0, + crlSignerDelegator: '' } export const PkiRevocationDistributionPoint = { @@ -72,6 +74,9 @@ export const PkiRevocationDistributionPoint = { if (message.schemaVersion !== 0) { writer.uint32(96).uint32(message.schemaVersion) } + if (message.crlSignerDelegator !== '') { + writer.uint32(106).string(message.crlSignerDelegator) + } return writer }, @@ -118,6 +123,9 @@ export const PkiRevocationDistributionPoint = { case 12: message.schemaVersion = reader.uint32() break + case 13: + message.crlSignerDelegator = reader.string() + break default: reader.skipType(tag & 7) break @@ -188,6 +196,11 @@ export const PkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = String(object.crlSignerDelegator) + } else { + message.crlSignerDelegator = '' + } return message }, @@ -205,6 +218,7 @@ export const PkiRevocationDistributionPoint = { message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType) message.revocationType !== undefined && (obj.revocationType = message.revocationType) message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion) + message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator) return obj }, @@ -270,6 +284,11 @@ export const PkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = object.crlSignerDelegator + } else { + message.crlSignerDelegator = '' + } return message } } 
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts index 77cbbbf95..4938da6a8 100644 --- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts +++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts @@ -99,6 +99,7 @@ export interface MsgAddPkiRevocationDistributionPoint { dataDigestType: number revocationType: number schemaVersion: number + crlSignerDelegator: string } export interface MsgAddPkiRevocationDistributionPointResponse {} @@ -114,6 +115,7 @@ export interface MsgUpdatePkiRevocationDistributionPoint { dataDigest: string dataDigestType: number schemaVersion: number + crlSignerDelegator: string } export interface MsgUpdatePkiRevocationDistributionPointResponse {} @@ -1525,7 +1527,8 @@ const baseMsgAddPkiRevocationDistributionPoint: object = { dataDigest: '', dataDigestType: 0, revocationType: 0, - schemaVersion: 0 + schemaVersion: 0, + crlSignerDelegator: '' } export const MsgAddPkiRevocationDistributionPoint = { @@ -1569,6 +1572,9 @@ export const MsgAddPkiRevocationDistributionPoint = { if (message.schemaVersion !== 0) { writer.uint32(104).uint32(message.schemaVersion) } + if (message.crlSignerDelegator !== '') { + writer.uint32(114).string(message.crlSignerDelegator) + } return writer }, @@ -1618,6 +1624,9 @@ export const MsgAddPkiRevocationDistributionPoint = { case 13: message.schemaVersion = reader.uint32() break + case 14: + message.crlSignerDelegator = reader.string() + break default: reader.skipType(tag & 7) break 
@@ -1693,6 +1702,11 @@ export const MsgAddPkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = String(object.crlSignerDelegator) + } else { + message.crlSignerDelegator = '' + } return message }, @@ -1711,6 +1725,7 @@ export const MsgAddPkiRevocationDistributionPoint = { message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType) message.revocationType !== undefined && (obj.revocationType = message.revocationType) message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion) + message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator) return obj }, @@ -1781,6 +1796,11 @@ export const MsgAddPkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = object.crlSignerDelegator + } else { + message.crlSignerDelegator = '' + } return message } } @@ -1833,7 +1853,8 @@ const baseMsgUpdatePkiRevocationDistributionPoint: object = { dataFileSize: 0, dataDigest: '', dataDigestType: 0, - schemaVersion: 0 + schemaVersion: 0, + crlSignerDelegator: '' } export const MsgUpdatePkiRevocationDistributionPoint = { @@ -1868,6 +1889,9 @@ export const MsgUpdatePkiRevocationDistributionPoint = { if (message.schemaVersion !== 0) { writer.uint32(80).uint32(message.schemaVersion) } + if (message.crlSignerDelegator !== '') { + writer.uint32(90).string(message.crlSignerDelegator) + } return writer }, @@ -1908,6 +1932,9 @@ export const MsgUpdatePkiRevocationDistributionPoint = { case 10: message.schemaVersion = reader.uint32() break + case 11: + message.crlSignerDelegator = reader.string() + break default: reader.skipType(tag & 7) break 
@@ -1968,6 +1995,11 @@ export const MsgUpdatePkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = String(object.crlSignerDelegator) + } else { + message.crlSignerDelegator = '' + } return message }, @@ -1983,6 +2015,7 @@ export const MsgUpdatePkiRevocationDistributionPoint = { message.dataDigest !== undefined && (obj.dataDigest = message.dataDigest) message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType) message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion) + message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator) return obj }, @@ -2038,6 +2071,11 @@ export const MsgUpdatePkiRevocationDistributionPoint = { } else { message.schemaVersion = 0 } + if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) { + message.crlSignerDelegator = object.crlSignerDelegator + } else { + message.crlSignerDelegator = '' + } return message } } diff --git a/x/pki/client/cli/flags.go b/x/pki/client/cli/flags.go index a6322f0c8..25b0a497c 100644 --- a/x/pki/client/cli/flags.go +++ b/x/pki/client/cli/flags.go @@ -29,4 +29,5 @@ const ( FlagRevokeChild = "revoke-child" FlagRevokeChildShortcut = "r" FlagCertificateSchemaVersion = "certificate-schema-version" + FlagCertificateDelegator = "certificate-delegator" ) diff --git a/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go b/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go index 7ae91dfc0..bda5bc4f7 100644 --- a/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go +++ b/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go @@ -22,6 +22,7 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command { isPAA bool label string crlSignerCertificate string + crlSignerDelegator string issuerSubjectKeyID string dataURL string dataFileSize uint64 
@@ -46,6 +47,11 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command { return err } + crlSignerDelegatorPem, err := cli.ReadFromFile(crlSignerDelegator) + if err != nil { + return err + } + msg := types.NewMsgAddPkiRevocationDistributionPoint( clientCtx.GetFromAddress().String(), vid, @@ -53,6 +59,7 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command { isPAA, label, cert, + crlSignerDelegatorPem, issuerSubjectKeyID, dataURL, dataFileSize, 
@@ -79,6 +86,7 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command { cmd.Flags().BoolVar(&isPAA, FlagIsPAA, true, "True if the revocation information distribution point relates to a PAA (Root certificate)") cmd.Flags().StringVarP(&label, FlagLabel, FlagLabelShortcut, "", " A label to disambiguate multiple revocation information partitions of a particular issuer") cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data") + cmd.Flags().StringVar(&crlSignerDelegator, FlagCertificateDelegator, "", "The delegator certificate of CRL signer Certificate which must be chained back to approved certificate in the ledger, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data") cmd.Flags().StringVar(&issuerSubjectKeyID, FlagIssuerSubjectKeyID, "", "Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: 5A880E6C3653D07FB08971A3F473790930E62BDB") cmd.Flags().StringVar(&dataURL, FlagDataURL, "", "The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either http or https") cmd.Flags().Uint64Var(&dataFileSize, FlagDataFileSize, 0, "Total size in bytes of the file found at the DataURL. Must be omitted if RevocationType is 1") diff --git a/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go b/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go index cfbfa75ae..533b0a295 100644 --- a/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go 
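Review bot: The help text for the `certificate-delegator` flag does not say that the flag is optional or when it takes effect. The keeper change in this commit verifies the delegator only when `isPAA` is false, and `FlagIsPAA` defaults to `true` in this command, so a delegator supplied without also turning that flag off is never checked against the CRL signer certificate. I would open the description with something like `Optional, only used when the distribution point relates to a PAI: the PAI certificate that delegated the CRL signer certificate`. The update command repeats the same text and needs the "optional" part too.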
+++ b/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go @@ -20,6 +20,7 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command { vid int32 label string crlSignerCertificate string + crlSignerDelegator string issuerSubjectKeyID string dataURL string dataFileSize uint64 @@ -43,11 +44,17 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command { return err } + crlSignerDelegatorPem, err := cli.ReadFromFile(crlSignerDelegator) + if err != nil { + return err + } + msg := types.NewMsgUpdatePkiRevocationDistributionPoint( clientCtx.GetFromAddress().String(), vid, label, cert, + crlSignerDelegatorPem, issuerSubjectKeyID, dataURL, dataFileSize, 
@@ -70,6 +77,7 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command { "Vendor ID (positive non-zero). Must be the same as Vendor account's VID and vid field in the VID-scoped CRLSignerCertificate") cmd.Flags().StringVarP(&label, FlagLabel, FlagLabelShortcut, "", " A label to disambiguate multiple revocation information partitions of a particular issuer") cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data") + cmd.Flags().StringVar(&crlSignerDelegator, FlagCertificateDelegator, "", "The delegator certificate of CRL signer Certificate which must be chained back to approved certificate in the ledger, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data") cmd.Flags().StringVar(&issuerSubjectKeyID, FlagIssuerSubjectKeyID, "", "Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: 5A880E6C3653D07FB08971A3F473790930E62BDB") cmd.Flags().StringVar(&dataURL, FlagDataURL, "", "The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either http or https") cmd.Flags().Uint64Var(&dataFileSize, FlagDataFileSize, 0, "Total size in bytes of the file found at the DataURL. Must be omitted if RevocationType is 1") diff --git a/x/pki/handler_add_revocation_test.go b/x/pki/handler_add_revocation_test.go index 8ea6d8a5d..847d4fbc8 100644 --- a/x/pki/handler_add_revocation_test.go +++ b/x/pki/handler_add_revocation_test.go 
@@ -104,6 +104,63 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { addRevocation: createAddRevocationMessageWithPAACertNoVid(accAddress.String(), testconstants.Vid), err: pkitypes.ErrMessageVidNotEqualRootCertVid, }, + { + name: "Invalid PAI Delegator certificate", + accountVid: testconstants.LeafCertWithVidVid, + accountRole: dclauthtypes.Vendor, + rootCertOptions: createRootWithVidOptions(), + addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ + Signer: accAddress.String(), + Vid: testconstants.LeafCertWithVidVid, + IsPAA: false, + Pid: 0, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: "invalid", + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + RevocationType: types.CRLRevocationType, + }, + err: pkitypes.ErrInvalidCertificate, + }, + { + name: "CRL Signer Certificate is not chained back to Delegator PAI certificate", + accountVid: testconstants.LeafCertWithVidVid, + accountRole: dclauthtypes.Vendor, + rootCertOptions: createRootWithVidOptions(), + addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ + Signer: accAddress.String(), + Vid: testconstants.LeafCertWithVidVid, + IsPAA: false, + Pid: 0, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: testconstants.IntermediateCertPem, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateSubjectKeyIDWithoutColumns, + RevocationType: types.CRLRevocationType, + }, + err: pkitypes.ErrCertNotChainedBack, + }, + { + name: "Delegated CRL Signer Certificate is not chained back to root certificate on DCL", + accountVid: testconstants.LeafCertWithVidVid, + accountRole: dclauthtypes.Vendor, + rootCertOptions: createTestRootCertOptions(), + addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ + Signer: accAddress.String(), + Vid: testconstants.LeafCertWithVidVid, + IsPAA: false, + 
Pid: 0, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: testconstants.IntermediateCertWithVid1, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + RevocationType: types.CRLRevocationType, + }, + err: pkitypes.ErrCertNotChainedBack, + }, } for _, tc := range cases { @@ -172,7 +229,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { name: "PAANoVid", rootCertOptions: createPAACertNoVidOptions(testconstants.VendorID1), addRevocation: createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1), - SchemaVersion: 1000000, + SchemaVersion: 65535, }, { name: "PAIWithVid", @@ -188,7 +245,24 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, RevocationType: types.CRLRevocationType, }, - SchemaVersion: 999999999, + SchemaVersion: testconstants.SchemaVersion, + }, + { + name: "PAIWithDelegatedCert", + rootCertOptions: createTestRootCertOptions(), + addRevocation: &types.MsgAddPkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: 65522, + IsPAA: false, + Pid: 0, + CrlSignerCertificate: testconstants.LeafCertPem, + CrlSignerDelegator: testconstants.IntermediateCertPem, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateSubjectKeyIDWithoutColumns, + RevocationType: types.CRLRevocationType, + }, + SchemaVersion: testconstants.SchemaVersion, }, } 
@@ -202,11 +276,11 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) { _, err := setup.Handler(setup.Ctx, tc.addRevocation) require.NoError(t, err) - revocationPoint, isFound := setup.Keeper.GetPkiRevocationDistributionPoint(setup.Ctx, tc.addRevocation.Vid, label, testconstants.SubjectKeyIDWithoutColons) + revocationPoint, isFound := setup.Keeper.GetPkiRevocationDistributionPoint(setup.Ctx, tc.addRevocation.Vid, label, tc.addRevocation.IssuerSubjectKeyID) require.True(t, isFound) assertRevocationPointEqual(t, tc.addRevocation, &revocationPoint) - revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons) + revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, tc.addRevocation.IssuerSubjectKeyID) require.True(t, isFound) assertRevocationPointEqual(t, tc.addRevocation, revocationPointBySubjectKeyID.Points[0]) }) diff --git a/x/pki/handler_update_revocation_test.go b/x/pki/handler_update_revocation_test.go index 2f3732802..5f6dfe7c9 100644 --- a/x/pki/handler_update_revocation_test.go +++ b/x/pki/handler_update_revocation_test.go 
@@ -168,6 +168,42 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T }, err: pkitypes.ErrDataFieldPresented, }, + { + name: "Invalid PAI Delegator certificate", + accountVid: testconstants.LeafCertWithVidVid, + vendorAccVid: testconstants.LeafCertWithVidVid, + accountRole: dclauthtypes.Vendor, + rootCertOptions: createRootWithVidOptions(), + addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), + updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.LeafCertWithVidVid, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: "invalid", + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + }, + err: pkitypes.ErrInvalidCertificate, + }, + { + name: "CRL Signer Certificate is not chained back to Delegator PAI certificate", + accountVid: testconstants.LeafCertWithVidVid, + vendorAccVid: testconstants.LeafCertWithVidVid, + accountRole: dclauthtypes.Vendor, + rootCertOptions: createRootWithVidOptions(), + addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), + updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: testconstants.LeafCertWithVidVid, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: testconstants.IntermediateCertPem, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + }, + err: pkitypes.ErrCertNotChainedBack, + }, } for _, tc := range cases { 
@@ -683,6 +719,21 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField( IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, }, }, + { + name: "PAI_With_Delegated_Certificate", + rootCertOptions1: createTestRootCertOptions(), + rootCertOptions2: createRootWithVidOptions(), + addRevocation: createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()), + updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{ + Signer: vendorAcc.String(), + Vid: 65521, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: testconstants.IntermediateCertWithVid1, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + }, + }, } for _, tc := range cases { diff --git a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go index f90f1b89b..8c9014d75 100644 --- a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go +++ b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go @@ -46,7 +46,7 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg err = k.checkRootCert(ctx, crlSignerCertificate, msg) } else { // check that crlSignerCertificate is chained back to a certificate on the ledger - err = k.checkNonRootCert(ctx, crlSignerCertificate) + err = k.checkCRLSignerNonRootCert(ctx, crlSignerCertificate, msg.CrlSignerDelegator, msg.IsPAA) } if err != nil { return nil, err @@ -69,6 +69,7 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg Pid: msg.Pid, IsPAA: msg.IsPAA, CrlSignerCertificate: msg.CrlSignerCertificate, + CrlSignerDelegator: msg.CrlSignerDelegator, DataURL: msg.DataURL, DataFileSize: msg.DataFileSize, DataDigest: msg.DataDigest, 
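Review bot: In the keeper hunk, `CrlSignerDelegator: msg.CrlSignerDelegator` is written to the stored revocation point unconditionally, but the delegator is decoded and verified only on the `checkCRLSignerNonRootCert` path, and there only when `IsPAA` is false. On the `checkRootCert` branch, or for a PAA entry, whatever string the message carried (the proto tag allows up to 10485760 bytes) is persisted on the ledger without having been parsed as a certificate, unless ValidateBasic rejects it outside this diff. I would reject a non-empty delegator in those cases, or store the field only after it has been verified. `AddPkiRevocationDistributionPoint` starts before and ends after the hunks shown.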
@@ -116,9 +117,28 @@ func (k msgServer) checkRootCert(ctx sdk.Context, crlSignerCertificate *x509.Cer return nil } -func (k msgServer) checkNonRootCert(ctx sdk.Context, crlSignerCertificate *x509.Certificate) error { +func (k msgServer) checkCRLSignerNonRootCert(ctx sdk.Context, crlSignerCertificate *x509.Certificate, crlSignerDelegator string, isPAA bool) error { + if crlSignerDelegator != "" && isPAA == false { + crlSignerDelegatorCert, err := x509.DecodeX509Certificate(crlSignerDelegator) + if err != nil { + return pkitypes.NewErrInvalidCertificate(err) + } + + // verify CRL Signer certificate against Delegated PAI certificate + if err = crlSignerCertificate.Verify(crlSignerDelegatorCert, ctx.BlockTime()); err != nil { + return pkitypes.NewErrCRLSignerCertNotChainedBackToDelegator() + } + + if _, err = k.verifyCertificate(ctx, crlSignerDelegatorCert); err != nil { + return pkitypes.NewErrCRLSignerCertDelegatorNotChainedBack() + } + + return nil + } + // check that it's chained back to a cert on DCL - if _, err := k.verifyCertificate(ctx, crlSignerCertificate); err != nil { + _, err := k.verifyCertificate(ctx, crlSignerCertificate) + if err != nil { return pkitypes.NewErrCertNotChainedBack() } diff --git a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go index a433728fd..63341192d 100644 --- a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go +++ b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go 
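Review bot: `checkCRLSignerNonRootCert` checks that the delegator signed the CRL signer certificate and chains to a root on the ledger, but nothing visible here ties the delegator to the revocation point being published. The message's `IssuerSubjectKeyID` and `Vid` are not passed in, so the delegator is not required to be the PAI the point is declared for; if that binding is not enforced elsewhere, compare the delegator's subject key id (and VID, where present) with the message values before accepting it. A short comment stating that the delegator is deliberately ignored when `isPAA` is true would also help, since the argument is silently skipped in that case. Minor: `isPAA == false` is more idiomatic as `!isPAA`. The function body continues past the end of the hunk.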
@@ -36,10 +36,13 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m // validate and update new values if msg.CrlSignerCertificate != "" { - if err := k.verifyUpdatedCertificate(ctx, msg.CrlSignerCertificate, &pkiRevocationDistributionPoint); err != nil { + err = k.verifyUpdatedCertificate(ctx, msg.CrlSignerCertificate, msg.CrlSignerDelegator, &pkiRevocationDistributionPoint) + if err != nil { return nil, err } + pkiRevocationDistributionPoint.CrlSignerCertificate = msg.CrlSignerCertificate + pkiRevocationDistributionPoint.CrlSignerDelegator = msg.CrlSignerDelegator } if pkiRevocationDistributionPoint.RevocationType == types.CRLRevocationType && (msg.DataFileSize != 0 || msg.DataDigest != "" || msg.DataDigestType != 0) { @@ -79,7 +82,7 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m return &types.MsgUpdatePkiRevocationDistributionPointResponse{}, nil } -func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem string, revocationPoint *types.PkiRevocationDistributionPoint) error { +func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem, newDelegatorCertPem string, revocationPoint *types.PkiRevocationDistributionPoint) error { oldCertificate, err := x509.DecodeX509Certificate(revocationPoint.CrlSignerCertificate) if err != nil { return pkitypes.NewErrInvalidCertificate(err) @@ -88,7 +91,7 @@ func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem s if oldCertificate.IsSelfSigned() { err = k.verifyUpdatedPAA(ctx, newCertificatePem, revocationPoint) } else { - err = k.verifyUpdatedPAI(ctx, newCertificatePem, revocationPoint) + err = k.verifyUpdatedPAI(ctx, newCertificatePem, newDelegatorCertPem, revocationPoint) } if err != nil { 
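Review bot: `msg.CrlSignerDelegator` is read only inside `if msg.CrlSignerCertificate != ""`, so an update that carries a delegator but no new CRL signer certificate is accepted and the delegator is silently dropped. Conversely, an update that replaces the certificate without repeating the delegator resets the stored `CrlSignerDelegator` to the empty string. Both behaviours should at least be stated in a comment above the block; for the first case I would return an error so the caller learns the field was ignored. Note also that `verifyUpdatedPAA` does not receive the delegator, yet the value is stored for that branch as well. The handler starts and ends outside the hunks.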
@@ -154,7 +157,7 @@ func (k msgServer) verifyUpdatedPAA(ctx sdk.Context, newCertificatePem string, r return nil } -func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem string, revocationPoint *types.PkiRevocationDistributionPoint) error { +func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem, newDelegatorCertPem string, revocationPoint *types.PkiRevocationDistributionPoint) error { // decode new cert newCertificate, err := x509.DecodeX509Certificate(newCertificatePem) if err != nil { @@ -187,9 +190,18 @@ func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem string, r return pkitypes.NewErrPidNotFoundInCertificateButProvidedInRevocationPoint() } + // Check for static validation when CRL Signer is PAI certificate + if !revocationPoint.IsPAA { + err = types.VerifyCRLSignerCertFormat(newCertificate) + if err != nil { + return err + } + } + // check that it's chained back to a cert on DCL - if _, err = k.verifyCertificate(ctx, newCertificate); err != nil { - return pkitypes.NewErrCertNotChainedBack() + err = k.checkCRLSignerNonRootCert(ctx, newCertificate, newDelegatorCertPem, revocationPoint.IsPAA) + if err != nil { + return err } return nil diff --git a/x/pki/revocation_message_utils_test.go b/x/pki/revocation_message_utils_test.go index a1b2b8f67..bc4cd8782 100644 --- a/x/pki/revocation_message_utils_test.go +++ b/x/pki/revocation_message_utils_test.go 
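Review bot: `verifyUpdatedPAI` now runs `types.VerifyCRLSignerCertFormat` for every non-PAA point, while `verifyPAI` in message_add_pki_revocation_distribution_point.go runs it only when `msg.CrlSignerDelegator != ""`. That check rejects certificates with `IsCA` set, so a point that was added with the PAI itself as CRL signer (no delegator) apparently can no longer be updated to another PAI certificate. If that is not intended, the guard should mirror the add path: `if !revocationPoint.IsPAA && newDelegatorCertPem != "" {`. The function starts before the hunk.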
@@ -66,6 +66,20 @@ func createAddRevocationMessageWithPAACertNoVid(signer string, vid int32) *types } } +func createAddRevocationMessageWithLeafCertWithVid(signer string) *types.MsgAddPkiRevocationDistributionPoint { + return &types.MsgAddPkiRevocationDistributionPoint{ + Signer: signer, + Vid: testconstants.LeafCertWithVidVid, + IsPAA: false, + CrlSignerCertificate: testconstants.LeafCertWithVid, + CrlSignerDelegator: testconstants.IntermediateCertWithVid1, + Label: label, + DataURL: testconstants.DataURL, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + RevocationType: types.CRLRevocationType, + } +} + func assertRevocationPointEqual(t *testing.T, expected *types.MsgAddPkiRevocationDistributionPoint, actual *types.PkiRevocationDistributionPoint) { require.Equal(t, expected.CrlSignerCertificate, actual.CrlSignerCertificate) require.Equal(t, expected.CrlSignerCertificate, actual.CrlSignerCertificate) diff --git a/x/pki/types/message_add_pki_revocation_distribution_point.go b/x/pki/types/message_add_pki_revocation_distribution_point.go index 00895f724..635c857dd 100644 --- a/x/pki/types/message_add_pki_revocation_distribution_point.go +++ b/x/pki/types/message_add_pki_revocation_distribution_point.go @@ -1,9 +1,12 @@ package types import ( + x509std "crypto/x509" + "encoding/asn1" "strings" sdk "github.com/cosmos/cosmos-sdk/types" + pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509" 
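Review bot: `assertRevocationPointEqual`, visible as context below the new helper, compares `CrlSignerCertificate` twice and, as far as the hunk shows, never `CrlSignerDelegator`. The positive cases added in this commit go through that helper, so they would pass even if the handler failed to store the delegator. The duplicated line could become `require.Equal(t, expected.CrlSignerDelegator, actual.CrlSignerDelegator)`. The rest of the helper is outside the hunk.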
@@ -14,7 +17,7 @@ const TypeMsgAddPkiRevocationDistributionPoint = "add_pki_revocation_distributio var _ sdk.Msg = &MsgAddPkiRevocationDistributionPoint{} func NewMsgAddPkiRevocationDistributionPoint(signer string, vid int32, pid int32, isPAA bool, label string, - crlSignerCertificate string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string, + crlSignerCertificate string, crlSignerDelegator string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string, dataDigestType uint32, revocationType uint32, schemaVersion uint32) *MsgAddPkiRevocationDistributionPoint { return &MsgAddPkiRevocationDistributionPoint{ Signer: signer, @@ -23,6 +26,7 @@ func NewMsgAddPkiRevocationDistributionPoint(signer string, vid int32, pid int32 IsPAA: isPAA, Label: label, CrlSignerCertificate: crlSignerCertificate, + CrlSignerDelegator: crlSignerDelegator, IssuerSubjectKeyID: issuerSubjectKeyID, DataURL: dataURL, DataFileSize: dataFileSize, @@ -61,8 +65,9 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificat return pkitypes.NewErrNotEmptyPidForRootCertificate() } - if !cert.IsSelfSigned() { - return pkitypes.NewErrRootCertificateIsNotSelfSigned() + pid, _ := x509.GetPidFromSubject(cert.SubjectAsText) + if pid != 0 { + return pkitypes.NewErrNotEmptyPidForNonRootCertificate() } // verify VID @@ -75,6 +80,13 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificat return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(vid, msg.Vid) } + if !cert.IsSelfSigned() { + err = VerifyCRLSignerCertFormat(cert) + if err != nil { + return err + } + } + return nil } 
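Review bot: The error from `x509.GetPidFromSubject` is discarded in the PID check added to verifyPAA (hunk `-61,8 +65,9`), so a subject whose PID attribute cannot be parsed would presumably come back as `pid == 0` and pass as having no PID. If the helper errors only on a malformed value, handle it explicitly: `pid, err := x509.GetPidFromSubject(cert.SubjectAsText)` followed by `if err != nil { return err }` (or wrapped in the package's own error type) before the `pid != 0` test. The same hunk removes the self-signed requirement for IsPAA messages, so this function is now the only static gate for a non-root CRL signer submitted as PAA, and a silently ignored parse failure matters more than it did. verifyPAA starts and ends outside the hunk, so check how `err` is declared further down before reusing the name.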
@@ -108,6 +120,62 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAI(cert *x509.Certificat return pkitypes.NewErrCRLSignerCertificatePidNotEqualMsgPid(pid, msg.Pid) } + if msg.CrlSignerDelegator != "" { + if cert.AuthorityKeyID == "" { + return pkitypes.NewErrInvalidAuthorityKeyIDFormat() + } + err = VerifyCRLSignerCertFormat(cert) + if err != nil { + return err + } + } + + return nil +} + +func VerifyCRLSignerCertFormat(certificate *x509.Certificate) error { + if certificate.SubjectKeyID == "" { + return pkitypes.NewErrWrongSubjectKeyIDFormat() + } + + cert := certificate.Certificate + if cert.Version != 3 { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + + if cert.SignatureAlgorithm != x509std.ECDSAWithSHA256 { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + + if cert.PublicKeyAlgorithm != x509std.ECDSA { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + // Basic Constraint extension should be marked critical and have the cA field set to false + if !cert.BasicConstraintsValid || cert.IsCA { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + + // Key Usage extension should be marked critical + oidKeyUsage := asn1.ObjectIdentifier{2, 5, 29, 15} + isCritical := false + for _, ext := range cert.Extensions { + if ext.Id.Equal(oidKeyUsage) { + isCritical = ext.Critical + + break + } + } + if !isCritical { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + + if cert.KeyUsage&x509std.KeyUsageCRLSign == 0 { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + if cert.KeyUsage&^(x509std.KeyUsageCRLSign|x509std.KeyUsageDigitalSignature) != 0 { + return pkitypes.NewErrCRLSignerCertificateInvalidFormat() + } + return nil } 
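Review bot: In VerifyCRLSignerCertFormat the comment says the Basic Constraints extension must be marked critical, but the code tests only `!cert.BasicConstraintsValid || cert.IsCA`. `BasicConstraintsValid` says the extension was present and parsed, not that it was critical, so a CRL signer with a non-critical Basic Constraints extension passes. Key Usage criticality is already checked by scanning `cert.Extensions`; the same lookup with OID 2.5.29.19 closes the gap, and a small helper avoids duplicating the loop. The exported function also has no doc comment; one listing the enforced profile (v3, ECDSA with SHA-256, cA=false, critical Key Usage with cRLSign and optionally digitalSignature) would help callers. The sketch assumes `certificate.Certificate` is a `*x509std.Certificate`.

```go
	// Basic Constraints must be present, marked critical, and have cA set to false.
	oidBasicConstraints := asn1.ObjectIdentifier{2, 5, 29, 19}
	if !cert.BasicConstraintsValid || cert.IsCA || !isExtensionCritical(cert, oidBasicConstraints) {
		return pkitypes.NewErrCRLSignerCertificateInvalidFormat()
	}

	// Key Usage must be present and marked critical.
	oidKeyUsage := asn1.ObjectIdentifier{2, 5, 29, 15}
	if !isExtensionCritical(cert, oidKeyUsage) {
		return pkitypes.NewErrCRLSignerCertificateInvalidFormat()
	}
	// … unchanged: KeyUsage bit checks and final return …

// isExtensionCritical reports whether cert carries the extension oid and marks it critical.
func isExtensionCritical(cert *x509std.Certificate, oid asn1.ObjectIdentifier) bool {
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oid) {
			return ext.Critical
		}
	}

	return false
}
```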
@@ -200,11 +268,11 @@ func (msg *MsgAddPkiRevocationDistributionPoint) ValidateBasic() error { return err } - if err := msg.verifyFields(); err != nil { + if err = msg.verifyFields(); err != nil { return err } - if err := msg.verifySignerCertificate(); err != nil { + if err = msg.verifySignerCertificate(); err != nil { return err } diff --git a/x/pki/types/message_add_pki_revocation_distribution_point_test.go b/x/pki/types/message_add_pki_revocation_distribution_point_test.go index 2ca3838c0..bef8c6ec5 100644 --- a/x/pki/types/message_add_pki_revocation_distribution_point_test.go +++ b/x/pki/types/message_add_pki_revocation_distribution_point_test.go @@ -1,15 +1,18 @@ package types import ( - fmt "fmt" + x509std "crypto/x509" + "fmt" "testing" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" "github.com/stretchr/testify/require" + testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants" "github.com/zigbee-alliance/distributed-compliance-ledger/testutil/sample" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509" ) func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { 
@@ -365,20 +368,6 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { }, err: pkitypes.ErrNonRootCertificateSelfSigned, }, - { - name: "IsPAA true, certificate is non-root", - msg: MsgAddPkiRevocationDistributionPoint{ - Signer: sample.AccAddress(), - Vid: testconstants.Vid, - IsPAA: true, - CrlSignerCertificate: testconstants.IntermediateCertPem, - Label: "label", - DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - RevocationType: 1, - }, - err: pkitypes.ErrRootCertificateIsNotSelfSigned, - }, { name: "PAA is true, CRL signer certificate contains vid != msg.vid", msg: MsgAddPkiRevocationDistributionPoint{ @@ -461,12 +450,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { name: "minimal msg isPAA true", msg: MsgAddPkiRevocationDistributionPoint{ Signer: sample.AccAddress(), - Vid: testconstants.PAACertWithNumericVidVid, + Vid: testconstants.LeafCertWithVidVid, IsPAA: true, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, + CrlSignerCertificate: testconstants.LeafCertWithVid, Label: "label", DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, RevocationType: 1, }, }, 
@@ -474,13 +463,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { name: "minimal msg isPAA false", msg: MsgAddPkiRevocationDistributionPoint{ Signer: sample.AccAddress(), - Vid: testconstants.PAICertWithNumericPidVidVid, + Vid: testconstants.LeafCertWithVidVid, IsPAA: false, - Pid: testconstants.PAICertWithNumericPidVidPid, - CrlSignerCertificate: testconstants.PAICertWithNumericPidVid, + CrlSignerCertificate: testconstants.LeafCertWithVid, Label: "label", DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, RevocationType: 1, }, }, @@ -488,12 +476,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { name: "vid == cert.vid", msg: MsgAddPkiRevocationDistributionPoint{ Signer: sample.AccAddress(), - Vid: testconstants.PAACertWithNumericVidVid, + Vid: testconstants.LeafCertWithVidVid, IsPAA: true, - CrlSignerCertificate: testconstants.PAACertWithNumericVid, + CrlSignerCertificate: testconstants.LeafCertWithVid, Label: "label", DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, RevocationType: 1, }, }, 
@@ -501,13 +489,13 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { name: "vid == cert.vid, pid == cert.pid", msg: MsgAddPkiRevocationDistributionPoint{ Signer: sample.AccAddress(), - Vid: testconstants.PAICertWithNumericPidVidVid, + Vid: testconstants.LeafCertWithVidPidVid, IsPAA: false, - CrlSignerCertificate: testconstants.PAICertWithNumericPidVid, + CrlSignerCertificate: testconstants.LeafCertWithVidPid, Label: "label", DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, - Pid: testconstants.PAICertWithNumericPidVidPid, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, + Pid: testconstants.LeafCertWithVidPidPid, RevocationType: 1, }, }, @@ -530,10 +518,10 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { Signer: sample.AccAddress(), Vid: testconstants.Vid, IsPAA: true, - CrlSignerCertificate: testconstants.RootCertPem, + CrlSignerCertificate: testconstants.LeafCertWithoutVidPid, Label: "label", DataURL: testconstants.DataURL, - IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, + IssuerSubjectKeyID: testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns, RevocationType: 1, }, }, 
@@ -582,3 +570,80 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) { }) } } +func TestMsgAddPkiRevocationDistributionPoint_verifyCRLCertFormat(t *testing.T) { + negativeTests := []struct { + name string + init func(*x509.Certificate) + err error + }{ + { + name: "empty subject-key-id", + init: func(certificate *x509.Certificate) { + certificate.SubjectKeyID = "" + }, + err: pkitypes.ErrWrongSubjectKeyIDFormat, + }, + { + name: "version is not v3", + init: func(certificate *x509.Certificate) { + certificate.Certificate.Version = 2 + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + { + name: "SignatureAlgorithm is not ECDSAWithSHA256", + init: func(certificate *x509.Certificate) { + certificate.Certificate.SignatureAlgorithm = x509std.ECDSAWithSHA384 + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + { + name: "PublicKeyAlgorithm is not ECDSA", + init: func(certificate *x509.Certificate) { + certificate.Certificate.PublicKeyAlgorithm = x509std.Ed25519 + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + { + name: "Key Usage extension is not critical", + init: func(certificate *x509.Certificate) { + certificate.Certificate.Extensions[3].Critical = false + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + { + name: "The cRLSign bits is not in the KeyUsage bitstring", + init: func(certificate *x509.Certificate) { + certificate.Certificate.KeyUsage = x509std.KeyUsageCertSign + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + { + name: "Other Key Usage bits expect KeyUsageCRLSign and KeyUsageDigitalSignature is not be set", + init: func(certificate *x509.Certificate) { + certificate.Certificate.KeyUsage = x509std.KeyUsageCertSign | x509std.KeyUsageCRLSign | x509std.KeyUsageDigitalSignature + }, + err: pkitypes.ErrCRLSignerCertificateInvalidFormat, + }, + } + + for _, tt := range negativeTests { + t.Run(tt.name, func(t *testing.T) { + cert, err := 
x509.DecodeX509Certificate(testconstants.LeafCertWithVid) + require.NoError(t, err) + + tt.init(cert) + + err = VerifyCRLSignerCertFormat(cert) + require.Error(t, err) + require.ErrorIs(t, err, tt.err) + }) + } + + // Positive case + cert, err := x509.DecodeX509Certificate(testconstants.LeafCertWithVid) + require.NoError(t, err) + + err = VerifyCRLSignerCertFormat(cert) + require.NoError(t, err) +} diff --git a/x/pki/types/message_update_pki_revocation_distribution_point.go b/x/pki/types/message_update_pki_revocation_distribution_point.go index 1b868ae31..1b1cf6455 100644 --- a/x/pki/types/message_update_pki_revocation_distribution_point.go +++ b/x/pki/types/message_update_pki_revocation_distribution_point.go @@ -1,6 +1,7 @@ package types import ( + "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509" "strings" sdk "github.com/cosmos/cosmos-sdk/types" @@ -13,12 +14,14 @@ const TypeMsgUpdatePkiRevocationDistributionPoint = "update_pki_revocation_distr var _ sdk.Msg = &MsgUpdatePkiRevocationDistributionPoint{} func NewMsgUpdatePkiRevocationDistributionPoint(signer string, vid int32, label string, crlSignerCertificate string, - issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string, dataDigestType uint32, schemaVersion uint32) *MsgUpdatePkiRevocationDistributionPoint { + crlSignerDelegator string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string, + dataDigestType uint32, schemaVersion uint32) *MsgUpdatePkiRevocationDistributionPoint { return &MsgUpdatePkiRevocationDistributionPoint{ Signer: signer, Vid: vid, Label: label, CrlSignerCertificate: crlSignerCertificate, + CrlSignerDelegator: crlSignerDelegator, IssuerSubjectKeyID: issuerSubjectKeyID, DataURL: dataURL, DataFileSize: dataFileSize, 
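Review bot: The negative table in TestMsgAddPkiRevocationDistributionPoint_verifyCRLCertFormat has no case for the Basic Constraints rule, so the `!cert.BasicConstraintsValid || cert.IsCA` branch of VerifyCRLSignerCertFormat is never exercised. Add one such as `init: func(certificate *x509.Certificate) { certificate.Certificate.IsCA = true }` expecting `pkitypes.ErrCRLSignerCertificateInvalidFormat`, and a second that sets `BasicConstraintsValid = false`. The "Key Usage extension is not critical" case reaches the extension through `Extensions[3]`, which depends on the extension order of the fixture. Finding the entry by OID 2.5.29.15 keeps the test meaningful if the test certificate is regenerated.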
@@ -104,5 +107,15 @@ func (msg *MsgUpdatePkiRevocationDistributionPoint) ValidateBasic() error { return pkitypes.NewErrWrongSubjectKeyIDFormat() } + cert, err := x509.DecodeX509Certificate(msg.CrlSignerCertificate) + if err != nil { + return pkitypes.NewErrInvalidCertificate(err) + } + + err = VerifyCRLSignerCertFormat(cert) + if err != nil { + return err + } + return nil } diff --git a/x/pki/types/pki_revocation_distribution_point.pb.go b/x/pki/types/pki_revocation_distribution_point.pb.go index 1b6bc47f7..e6f413592 100644 --- a/x/pki/types/pki_revocation_distribution_point.pb.go +++ b/x/pki/types/pki_revocation_distribution_point.pb.go @@ -35,6 +35,7 @@ type PkiRevocationDistributionPoint struct { DataDigestType uint32 `protobuf:"varint,10,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"` RevocationType uint32 `protobuf:"varint,11,opt,name=revocationType,proto3" json:"revocationType,omitempty"` SchemaVersion uint32 `protobuf:"varint,12,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty"` + CrlSignerDelegator string `protobuf:"bytes,13,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty"` } func (m *PkiRevocationDistributionPoint) Reset() { *m = PkiRevocationDistributionPoint{} } @@ -154,6 +155,13 @@ func (m *PkiRevocationDistributionPoint) GetSchemaVersion() uint32 { return 0 } +func (m *PkiRevocationDistributionPoint) GetCrlSignerDelegator() string { + if m != nil { + return m.CrlSignerDelegator + } + return "" +} + func init() { proto.RegisterType((*PkiRevocationDistributionPoint)(nil), "zigbeealliance.distributedcomplianceledger.pki.PkiRevocationDistributionPoint") } 
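Review bot: The block added to the update message's ValidateBasic decodes `msg.CrlSignerCertificate` and runs `VerifyCRLSignerCertFormat` unconditionally, whereas the add message's verifyPAA in this commit applies the format check only when `!cert.IsSelfSigned()`. VerifyCRLSignerCertFormat rejects `cert.IsCA`, so an update that supplies a self-signed PAA as the new CRL signer would presumably be refused here. If CrlSignerCertificate may be left empty in an update, the decode also fails with `NewErrInvalidCertificate`. I would wrap the block in `if msg.CrlSignerCertificate != "" {` and run the format check under `if !cert.IsSelfSigned() {`, matching the add path. ValidateBasic starts outside the hunk, so an earlier guard may already cover the empty case.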
@@ -163,32 +171,33 @@ func init() { } var fileDescriptor_35504fa19b856908 = []byte{ - // 396 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0x13, 0x31, - 0x14, 0x85, 0x63, 0xd2, 0xf4, 0xc7, 0xb4, 0x08, 0x59, 0x5d, 0x78, 0x65, 0x8d, 0x2a, 0x84, 0x46, - 0x42, 0x99, 0x91, 0xe0, 0x09, 0x0a, 0x11, 0x12, 0x82, 0x45, 0x34, 0x01, 0x16, 0x2c, 0xa8, 0x3c, - 0x9e, 0xcb, 0xf4, 0x92, 0xc9, 0xd8, 0xb2, 0x3d, 0x15, 0xe9, 0x53, 0xf0, 0x18, 0x3c, 0x0a, 0xcb, - 0x2e, 0x59, 0xa2, 0xe4, 0x45, 0xd0, 0xd8, 0x6a, 0x93, 0xa0, 0xec, 0x7c, 0x8e, 0x3f, 0x7d, 0x9b, - 0x7b, 0xe8, 0x0b, 0x33, 0xc7, 0xdc, 0xcc, 0xf1, 0xca, 0xc2, 0x8d, 0x56, 0xd2, 0xa3, 0x6e, 0xaf, - 0x2a, 0x74, 0xde, 0x62, 0xd9, 0x85, 0x60, 0x34, 0xb6, 0x3e, 0x33, 0x56, 0x7b, 0xcd, 0xb2, 0x5b, - 0xac, 0x4b, 0x00, 0xd9, 0x34, 0x28, 0x5b, 0x05, 0xd9, 0x03, 0x08, 0x95, 0xd2, 0x0b, 0x13, 0xdb, - 0x06, 0xaa, 0x1a, 0x6c, 0x66, 0xe6, 0x78, 0xf1, 0x6b, 0x48, 0xc5, 0x74, 0x8e, 0xc5, 0x83, 0x7a, - 0xb2, 0x65, 0x9e, 0xf6, 0x62, 0xf6, 0x94, 0x0e, 0x6f, 0xb0, 0xe2, 0x24, 0x21, 0xe9, 0xa8, 0xe8, - 0x9f, 0xec, 0x9c, 0x8e, 0x1a, 0x59, 0x42, 0xc3, 0x1f, 0x25, 0x24, 0x3d, 0x29, 0x62, 0x60, 0x19, - 0x65, 0xe8, 0x5c, 0x07, 0x76, 0xd6, 0x95, 0xdf, 0x41, 0xf9, 0xf7, 0xb0, 0x7c, 0x37, 0xe1, 0xc3, - 0x80, 0xec, 0xf9, 0xe9, 0xbd, 0x06, 0x2b, 0x7e, 0x10, 0xbd, 0x26, 0x7a, 0xd1, 0x4d, 0x2f, 0x2f, - 0xf9, 0x28, 0x21, 0xe9, 0x71, 0x11, 0x03, 0x7b, 0x49, 0xcf, 0x95, 0x6d, 0x66, 0x58, 0xb7, 0x60, - 0xdf, 0x80, 0xf5, 0xf8, 0x0d, 0x95, 0xf4, 0xc0, 0x0f, 0x83, 0x79, 0xef, 0x1f, 0xe3, 0xf4, 0xa8, - 0x92, 0x5e, 0x7e, 0x2a, 0x3e, 0xf0, 0xa3, 0x80, 0xdd, 0x47, 0x76, 0x41, 0x4f, 0xfb, 0xe7, 0x5b, - 0x6c, 0x60, 0x86, 0xb7, 0xc0, 0x8f, 0x13, 0x92, 0x1e, 0x14, 0x3b, 0x1d, 0x13, 0x94, 0xf6, 0x79, - 0x82, 0x35, 0x38, 0xcf, 0x4f, 0x82, 0x60, 0xab, 0x61, 0xcf, 0xe9, 0x93, 0x4d, 0xfa, 0xb8, 0x34, - 0xc0, 0x69, 0x42, 0xd2, 0xb3, 0xe2, 0xbf, 0xb6, 0xe7, 0x36, 0x37, 0x0b, 0xdc, 0xe3, 0xc8, 0xed, - 
0xb6, 0xec, 0x19, 0x3d, 0x73, 0xea, 0x1a, 0x16, 0xf2, 0x33, 0x58, 0x87, 0xba, 0xe5, 0xa7, 0x01, - 0xdb, 0x2d, 0x5f, 0x7f, 0xfd, 0xbd, 0x12, 0xe4, 0x6e, 0x25, 0xc8, 0xdf, 0x95, 0x20, 0x3f, 0xd7, - 0x62, 0x70, 0xb7, 0x16, 0x83, 0x3f, 0x6b, 0x31, 0xf8, 0x32, 0xa9, 0xd1, 0x5f, 0x77, 0x65, 0xa6, - 0xf4, 0x22, 0x8f, 0xf7, 0x1f, 0xdf, 0x0f, 0x20, 0xdf, 0x1a, 0xc0, 0x78, 0xb3, 0x80, 0x71, 0x9c, - 0x40, 0xfe, 0xa3, 0x1f, 0x56, 0xee, 0x97, 0x06, 0x5c, 0x79, 0x18, 0x16, 0xf4, 0xea, 0x5f, 0x00, - 0x00, 0x00, 0xff, 0xff, 0xb4, 0x5c, 0x42, 0x90, 0x70, 0x02, 0x00, 0x00, + // 411 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0xd4, 0x30, + 0x14, 0x85, 0xc7, 0x4c, 0xa7, 0x3f, 0xa6, 0x83, 0x90, 0xd5, 0x85, 0x57, 0x51, 0x54, 0x21, 0x14, + 0x09, 0x4d, 0x22, 0xc1, 0x13, 0x14, 0x22, 0x24, 0x04, 0x8b, 0x51, 0x06, 0x58, 0xb0, 0xa0, 0x72, + 0x92, 0x4b, 0x7a, 0x99, 0x4c, 0x6c, 0xd9, 0x4e, 0xc5, 0xf4, 0x29, 0x78, 0x2c, 0x96, 0x5d, 0x76, + 0x89, 0x66, 0x5e, 0x04, 0xd9, 0x56, 0xe7, 0x87, 0x76, 0x77, 0xcf, 0xb9, 0x47, 0x9f, 0xe4, 0xeb, + 0x43, 0x5f, 0xa9, 0x39, 0x66, 0x6a, 0x8e, 0x97, 0x1a, 0xae, 0x65, 0x25, 0x2c, 0xca, 0xee, 0xb2, + 0x46, 0x63, 0x35, 0x96, 0xbd, 0x17, 0x4a, 0x62, 0x67, 0x53, 0xa5, 0xa5, 0x95, 0x2c, 0xbd, 0xc1, + 0xa6, 0x04, 0x10, 0x6d, 0x8b, 0xa2, 0xab, 0x20, 0xdd, 0x04, 0xa1, 0xae, 0xe4, 0x42, 0x05, 0xb7, + 0x85, 0xba, 0x01, 0x9d, 0xaa, 0x39, 0x9e, 0xdf, 0x0d, 0x69, 0x34, 0x9d, 0x63, 0xb1, 0x41, 0xe7, + 0x3b, 0xe4, 0xa9, 0x03, 0xb3, 0xe7, 0x74, 0x78, 0x8d, 0x35, 0x27, 0x31, 0x49, 0x46, 0x85, 0x1b, + 0xd9, 0x19, 0x1d, 0xb5, 0xa2, 0x84, 0x96, 0x3f, 0x89, 0x49, 0x72, 0x52, 0x04, 0xc1, 0x52, 0xca, + 0xd0, 0x98, 0x1e, 0xf4, 0xac, 0x2f, 0x7f, 0x42, 0x65, 0x3f, 0xc2, 0xf2, 0x43, 0xce, 0x87, 0x3e, + 0xf2, 0xc8, 0xc6, 0x71, 0x15, 0xd6, 0xfc, 0x20, 0x70, 0x55, 0xe0, 0xa2, 0x99, 0x5e, 0x5c, 0xf0, + 0x51, 0x4c, 0x92, 0xe3, 0x22, 0x08, 0xf6, 0x9a, 0x9e, 0x55, 0xba, 0x9d, 0x61, 0xd3, 0x81, 0x7e, + 0x07, 0xda, 
0xe2, 0x0f, 0xac, 0x84, 0x05, 0x7e, 0xe8, 0xc9, 0x8f, 0xee, 0x18, 0xa7, 0x47, 0xb5, + 0xb0, 0xe2, 0x4b, 0xf1, 0x89, 0x1f, 0xf9, 0xd8, 0xbd, 0x64, 0xe7, 0xf4, 0xd4, 0x8d, 0xef, 0xb1, + 0x85, 0x19, 0xde, 0x00, 0x3f, 0x8e, 0x49, 0x72, 0x50, 0xec, 0x79, 0x2c, 0xa2, 0xd4, 0xe9, 0x1c, + 0x1b, 0x30, 0x96, 0x9f, 0x78, 0xc0, 0x8e, 0xc3, 0x5e, 0xd2, 0x67, 0x5b, 0xf5, 0x79, 0xa9, 0x80, + 0xd3, 0x98, 0x24, 0xe3, 0xe2, 0x3f, 0xd7, 0xe5, 0xb6, 0x7f, 0xe6, 0x73, 0x4f, 0x43, 0x6e, 0xdf, + 0x65, 0x2f, 0xe8, 0xd8, 0x54, 0x57, 0xb0, 0x10, 0x5f, 0x41, 0x1b, 0x94, 0x1d, 0x3f, 0xf5, 0xb1, + 0x7d, 0xd3, 0xdd, 0x77, 0xf3, 0xd6, 0x1c, 0x5a, 0x68, 0x84, 0x95, 0x9a, 0x8f, 0xc3, 0x7d, 0x1f, + 0x6e, 0xde, 0x7e, 0xff, 0xb3, 0x8a, 0xc8, 0xed, 0x2a, 0x22, 0x7f, 0x57, 0x11, 0xf9, 0xbd, 0x8e, + 0x06, 0xb7, 0xeb, 0x68, 0x70, 0xb7, 0x8e, 0x06, 0xdf, 0xf2, 0x06, 0xed, 0x55, 0x5f, 0xa6, 0x95, + 0x5c, 0x64, 0xa1, 0x2f, 0x93, 0xfb, 0xc2, 0x64, 0x3b, 0x85, 0x99, 0x6c, 0x1b, 0x33, 0x09, 0x95, + 0xc9, 0x7e, 0xb9, 0x22, 0x66, 0x76, 0xa9, 0xc0, 0x94, 0x87, 0xbe, 0x71, 0x6f, 0xfe, 0x05, 0x00, + 0x00, 0xff, 0xff, 0x13, 0xa7, 0x00, 0x1d, 0xa0, 0x02, 0x00, 0x00, } func (m *PkiRevocationDistributionPoint) Marshal() (dAtA []byte, err error) { @@ -211,6 +220,13 @@ func (m *PkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []byte) (int, _ = i var l int _ = l + if len(m.CrlSignerDelegator) > 0 { + i -= len(m.CrlSignerDelegator) + copy(dAtA[i:], m.CrlSignerDelegator) + i = encodeVarintPkiRevocationDistributionPoint(dAtA, i, uint64(len(m.CrlSignerDelegator))) + i-- + dAtA[i] = 0x6a + } if m.SchemaVersion != 0 { i = encodeVarintPkiRevocationDistributionPoint(dAtA, i, uint64(m.SchemaVersion)) i-- @@ -347,6 +363,10 @@ func (m *PkiRevocationDistributionPoint) Size() (n int) { if m.SchemaVersion != 0 { n += 1 + sovPkiRevocationDistributionPoint(uint64(m.SchemaVersion)) } + l = len(m.CrlSignerDelegator) + if l > 0 { + n += 1 + l + sovPkiRevocationDistributionPoint(uint64(l)) + } return n } 
@@ -679,6 +699,38 @@ func (m *PkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error { break } } + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPkiRevocationDistributionPoint + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthPkiRevocationDistributionPoint + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthPkiRevocationDistributionPoint + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipPkiRevocationDistributionPoint(dAtA[iNdEx:]) diff --git a/x/pki/types/tx.pb.go b/x/pki/types/tx.pb.go index 9116a5b4d..c07381911 100644 --- a/x/pki/types/tx.pb.go +++ b/x/pki/types/tx.pb.go @@ -915,6 +915,7 @@ type MsgAddPkiRevocationDistributionPoint struct { DataDigestType uint32 `protobuf:"varint,11,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"` RevocationType uint32 `protobuf:"varint,12,opt,name=revocationType,proto3" json:"revocationType,omitempty" validate:"required"` SchemaVersion uint32 `protobuf:"varint,13,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty" validate:"gte=0,lte=65535"` + CrlSignerDelegator string `protobuf:"bytes,14,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty" validate:"max=10485760"` } func (m *MsgAddPkiRevocationDistributionPoint) Reset() { *m = MsgAddPkiRevocationDistributionPoint{} } 
@@ -1041,6 +1042,13 @@ func (m *MsgAddPkiRevocationDistributionPoint) GetSchemaVersion() uint32 { return 0 } +func (m *MsgAddPkiRevocationDistributionPoint) GetCrlSignerDelegator() string { + if m != nil { + return m.CrlSignerDelegator + } + return "" +} + type MsgAddPkiRevocationDistributionPointResponse struct { } @@ -1092,6 +1100,7 @@ type MsgUpdatePkiRevocationDistributionPoint struct { DataDigest string `protobuf:"bytes,8,opt,name=dataDigest,proto3" json:"dataDigest,omitempty"` DataDigestType uint32 `protobuf:"varint,9,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"` SchemaVersion uint32 `protobuf:"varint,10,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty" validate:"gte=0,lte=65535"` + CrlSignerDelegator string `protobuf:"bytes,11,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty" validate:"max=10485760"` } func (m *MsgUpdatePkiRevocationDistributionPoint) Reset() { @@ -1199,6 +1208,13 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) GetSchemaVersion() uint32 { return 0 } +func (m *MsgUpdatePkiRevocationDistributionPoint) GetCrlSignerDelegator() string { + if m != nil { + return m.CrlSignerDelegator + } + return "" +} + type MsgUpdatePkiRevocationDistributionPointResponse struct { } 
@@ -2075,100 +2091,102 @@ func init() { func init() { proto.RegisterFile("pki/tx.proto", fileDescriptor_badfdb2b39855d16) } var fileDescriptor_badfdb2b39855d16 = []byte{ - // 1482 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdf, 0x6f, 0xd3, 0xd6, - 0x17, 0xc7, 0xf9, 0xd1, 0x1f, 0x87, 0x52, 0x89, 0xfb, 0x2d, 0x25, 0x04, 0xbe, 0x49, 0x30, 0x08, - 0x2a, 0xad, 0x4d, 0x4a, 0x21, 0x1d, 0xa0, 0xb1, 0x29, 0x25, 0xe3, 0x87, 0x68, 0x51, 0xe7, 0x02, - 0x9b, 0xa6, 0x69, 0x28, 0x89, 0x2f, 0xe6, 0xae, 0x4e, 0xec, 0xd9, 0x4e, 0x45, 0x79, 0xdb, 0x5f, - 0xb0, 0x49, 0xd3, 0x5e, 0xf7, 0xb6, 0x4d, 0x42, 0x1a, 0xd2, 0xb4, 0x1f, 0xaf, 0x7b, 0xd8, 0xcb, - 0x5e, 0x26, 0xa1, 0xbd, 0x6c, 0x4f, 0x11, 0x83, 0x97, 0x49, 0xbc, 0xe5, 0x2f, 0x98, 0x7c, 0xed, - 0x5c, 0xc7, 0x89, 0xdd, 0x26, 0x37, 0x61, 0xea, 0x4a, 0xdf, 0xec, 0x9b, 0x7b, 0x3e, 0xf7, 0xdc, - 0xf3, 0xf9, 0xdc, 0x63, 0x9f, 0xe3, 0xc0, 0x84, 0xbe, 0x4e, 0x72, 0xd6, 0x83, 0xac, 0x6e, 0x68, - 0x96, 0x86, 0xb2, 0x0f, 0x89, 0x52, 0xc6, 0xb8, 0xa4, 0xaa, 0xa4, 0x54, 0xab, 0xe0, 0xac, 0x4c, - 0x4c, 0xcb, 0x20, 0xe5, 0xba, 0x85, 0xe5, 0x8a, 0x56, 0xd5, 0x9d, 0x51, 0x15, 0xcb, 0x0a, 0x36, - 0xb2, 0xfa, 0x3a, 0x49, 0x1e, 0xa9, 0x68, 0x66, 0x55, 0x33, 0xef, 0x52, 0xeb, 0x9c, 0x73, 0xe3, - 0x40, 0x25, 0xa7, 0x14, 0x4d, 0xd1, 0x9c, 0x71, 0xfb, 0xca, 0x19, 0x15, 0x1f, 0x47, 0xe1, 0xc8, - 0x8a, 0xa9, 0xac, 0x1a, 0x9a, 0xae, 0x99, 0xb8, 0x20, 0xcb, 0xef, 0xe5, 0xe7, 0x2f, 0x48, 0x9a, - 0x66, 0x5d, 0xc6, 0x86, 0x85, 0xae, 0xc2, 0x88, 0x49, 0x94, 0x1a, 0x36, 0x12, 0x42, 0x46, 0x98, - 0x19, 0x5f, 0xca, 0x35, 0x1b, 0xe9, 0xff, 0x6d, 0x94, 0x54, 0x22, 0x97, 0x2c, 0x7c, 0x51, 0x34, - 0xf0, 0xc7, 0x75, 0x62, 0x60, 0x59, 0xfc, 0xfd, 0x87, 0xb9, 0x29, 0x77, 0xb1, 0x82, 0x2c, 0x1b, - 0xd8, 0x34, 0xd7, 0x2c, 0x83, 0xd4, 0x14, 0xc9, 0x35, 0x47, 0xe7, 0x21, 0x56, 0xc1, 0x86, 0x95, - 0x88, 0x50, 0x98, 0x93, 0xcd, 0x46, 0x3a, 0xd3, 0x0d, 0x33, 0x5b, 0x2d, 0x3d, 0xb8, 0x74, 0x66, - 0xfe, 0xdc, 
0xf9, 0xfc, 0xeb, 0x8b, 0xf3, 0xa2, 0x44, 0x2d, 0xd0, 0x6b, 0x10, 0x23, 0xb5, 0x7b, - 0x5a, 0x22, 0x4a, 0x2d, 0x0f, 0xfb, 0x1d, 0xb0, 0x0d, 0xce, 0xcd, 0x5f, 0x58, 0x14, 0x25, 0x3a, - 0x09, 0x21, 0x88, 0x59, 0xa4, 0x8a, 0x13, 0xb1, 0x8c, 0x30, 0x13, 0x95, 0xe8, 0x35, 0xba, 0x00, - 0xd1, 0x0d, 0x22, 0x27, 0xe2, 0x19, 0x61, 0x26, 0xbe, 0x74, 0xba, 0xd9, 0x48, 0x9f, 0xf0, 0xec, - 0x15, 0x0b, 0x5f, 0x3a, 0x33, 0xab, 0x5a, 0xf8, 0xd2, 0x62, 0x3e, 0x7f, 0x36, 0x3f, 0xcb, 0x36, - 0x24, 0xd9, 0x36, 0x68, 0x19, 0x0e, 0xda, 0x3e, 0xac, 0x55, 0xee, 0xe3, 0x6a, 0xe9, 0x0e, 0x36, - 0x4c, 0xa2, 0xd5, 0x12, 0x23, 0x19, 0x61, 0xe6, 0xc0, 0x52, 0xaa, 0xd9, 0x48, 0x27, 0xfd, 0x40, - 0xf3, 0x1e, 0x90, 0x28, 0x75, 0x1b, 0xa2, 0x22, 0x1c, 0x30, 0x7d, 0x48, 0xa3, 0x3d, 0x21, 0xf9, - 0x8d, 0xc4, 0x13, 0x70, 0x3c, 0x94, 0x2f, 0x09, 0x9b, 0xba, 0x56, 0x33, 0xb1, 0xf8, 0x75, 0x84, - 0xb2, 0x5a, 0xd0, 0x75, 0x43, 0xdb, 0x78, 0x79, 0xac, 0x5e, 0x84, 0x51, 0xb3, 0x5e, 0xfe, 0x08, - 0x57, 0x5a, 0xc4, 0x66, 0x9a, 0x8d, 0xf4, 0xb1, 0x50, 0x62, 0x17, 0xce, 0x89, 0x52, 0xcb, 0x00, - 0x5d, 0x86, 0x09, 0xf7, 0xf2, 0x06, 0xde, 0xbc, 0x2e, 0xbb, 0xfc, 0xa6, 0x9b, 0x8d, 0xf4, 0xd1, - 0x10, 0x80, 0x85, 0xfc, 0xa2, 0x28, 0xf9, 0x8c, 0x98, 0x38, 0x62, 0xfd, 0x88, 0x23, 0xee, 0x89, - 0xc3, 0x8d, 0x66, 0x70, 0x9c, 0x58, 0x34, 0xff, 0x8e, 0xc0, 0xa4, 0x3d, 0xcb, 0xf9, 0x79, 0xd7, - 0x1c, 0x8c, 0x40, 0x75, 0xc7, 0x87, 0xa6, 0xee, 0x11, 0x1e, 0x75, 0x27, 0x60, 0xda, 0x1f, 0x69, - 0x46, 0xc2, 0x8f, 0x51, 0x38, 0xe6, 0x09, 0x5f, 0xc2, 0x1b, 0xda, 0x3a, 0xde, 0x53, 0x75, 0xa0, - 0xaa, 0x91, 0x08, 0x13, 0x26, 0x36, 0x48, 0x49, 0xbd, 0x59, 0xaf, 0x96, 0xb1, 0x41, 0xa9, 0x18, - 0x97, 0x7c, 0x63, 0x28, 0x03, 0xfb, 0x0d, 0x1a, 0xc4, 0xcb, 0xf7, 0x89, 0x2a, 0xd3, 0x5c, 0x34, - 0x26, 0xb5, 0x0f, 0x75, 0x33, 0x3a, 0xc6, 0xc3, 0xe8, 0x29, 0x38, 0xb9, 0x15, 0x6d, 0x8c, 0xdf, - 0xdf, 0x22, 0x94, 0x5f, 0xf7, 0x28, 0xbe, 0x12, 0xfc, 0xc6, 0xfb, 0xe1, 0x77, 0x64, 0x0b, 0x7e, - 0x47, 0xbb, 0xf9, 0x75, 0xe3, 0x1e, 0x1a, 0x4e, 
0x16, 0xf7, 0x47, 0x51, 0x38, 0xb8, 0x62, 0x2a, - 0xde, 0x8c, 0xbd, 0xc3, 0xb4, 0x73, 0x0f, 0xd3, 0x51, 0xfa, 0x58, 0xf7, 0x73, 0xc5, 0x98, 0x7c, - 0x11, 0x81, 0x04, 0xfd, 0xd5, 0xde, 0xfc, 0xde, 0x33, 0x3f, 0x94, 0xd0, 0xe1, 0x3c, 0xa9, 0x44, - 0xc8, 0x84, 0x05, 0x9b, 0x31, 0xf2, 0x57, 0xdc, 0x39, 0x84, 0xb2, 0xbc, 0xba, 0x4e, 0x6c, 0xd6, - 0x2a, 0x25, 0x8b, 0x68, 0xb5, 0x62, 0xeb, 0x25, 0x9e, 0x68, 0xb5, 0x55, 0x8d, 0xd4, 0x86, 0xc8, - 0x8e, 0xfb, 0xb2, 0x1b, 0xe1, 0x78, 0xd9, 0x9d, 0x87, 0xa8, 0x4e, 0x1c, 0x4e, 0xe2, 0xdb, 0x06, - 0xc3, 0x9e, 0x8a, 0xa6, 0x20, 0x4e, 0xcc, 0xd5, 0x42, 0x81, 0x52, 0x31, 0x26, 0x39, 0x37, 0x68, - 0x0e, 0xe2, 0x6a, 0xa9, 0x8c, 0xd5, 0xe0, 0xf4, 0xe6, 0x2d, 0xea, 0xcc, 0x42, 0x37, 0x60, 0xaa, - 0x62, 0xa8, 0x6b, 0xd4, 0x7d, 0x3b, 0x78, 0xe4, 0x1e, 0xa9, 0x94, 0x2c, 0x27, 0xdf, 0x6d, 0x61, - 0x1d, 0x68, 0x84, 0xae, 0x02, 0x22, 0xa6, 0x59, 0xc7, 0xc6, 0x9a, 0xa7, 0x98, 0xa2, 0x93, 0x1e, - 0xc3, 0xa1, 0x02, 0x4c, 0x50, 0x1e, 0x46, 0xe5, 0x92, 0x55, 0xba, 0x2d, 0x2d, 0xd3, 0x83, 0x3a, - 0xbe, 0x74, 0xb4, 0xd9, 0x48, 0x1f, 0x0e, 0x10, 0x69, 0xdd, 0x50, 0x45, 0xa9, 0x35, 0xd7, 0xce, - 0x15, 0xf6, 0xe5, 0x15, 0xa2, 0xe2, 0x35, 0xf2, 0x10, 0x27, 0xc6, 0x33, 0xc2, 0x4c, 0x4c, 0xf2, - 0x8d, 0xa1, 0x14, 0x80, 0x7d, 0x5f, 0x24, 0x0a, 0x36, 0xad, 0x04, 0xd0, 0x6c, 0xd2, 0x36, 0x82, - 0x4e, 0xc1, 0xa4, 0x77, 0x77, 0x6b, 0x53, 0xc7, 0x89, 0xfd, 0xb6, 0x3e, 0xa5, 0x8e, 0x51, 0xf4, - 0x16, 0x4c, 0x1a, 0x4c, 0x52, 0x74, 0xde, 0x04, 0xd5, 0x71, 0xe8, 0x3e, 0x3b, 0xa6, 0x77, 0x9f, - 0x83, 0x03, 0x3c, 0xe7, 0x20, 0x0b, 0xb3, 0xbd, 0x48, 0x9c, 0x9d, 0x89, 0x5f, 0x62, 0x70, 0x7a, - 0xc5, 0x54, 0x6e, 0xeb, 0x36, 0xfc, 0x7f, 0xe0, 0x58, 0x30, 0x39, 0x47, 0x7b, 0x92, 0xf3, 0x42, - 0x88, 0x9c, 0x69, 0xb6, 0xea, 0x4b, 0xb5, 0xf1, 0xfe, 0x55, 0xbb, 0xe8, 0xa9, 0xd6, 0x39, 0x3e, - 0xc7, 0x9a, 0x8d, 0x74, 0xc2, 0xb3, 0xd6, 0xaa, 0xc4, 0xc2, 0x55, 0xdd, 0xda, 0xdc, 0x46, 0xb6, - 0xa3, 0xdb, 0xca, 0x76, 0xac, 0x07, 0xd9, 0x8e, 0x07, 0xca, 0xb6, 0x4b, 0x75, 0xc0, 
0xa3, 0xba, - 0x33, 0x90, 0xeb, 0x51, 0x44, 0x4c, 0x78, 0x5f, 0x45, 0xa8, 0xf0, 0x8a, 0x58, 0xc5, 0xbb, 0x51, - 0x78, 0xc1, 0x22, 0x8a, 0xf5, 0x2d, 0x22, 0x37, 0xb4, 0xbd, 0x84, 0x89, 0x85, 0xf6, 0xf3, 0x08, - 0x4c, 0xd8, 0x49, 0xc0, 0xb4, 0x77, 0x7d, 0x87, 0xc8, 0xbb, 0xe8, 0x6d, 0xc3, 0x25, 0x30, 0xd6, - 0x3f, 0x81, 0xe2, 0x34, 0x4c, 0xb5, 0x07, 0x85, 0x45, 0xeb, 0x71, 0x04, 0x0e, 0x39, 0x29, 0xf3, - 0xa6, 0x56, 0xd9, 0x69, 0xed, 0xb6, 0xc0, 0xa6, 0x40, 0x6c, 0x68, 0x4d, 0x81, 0x38, 0xcf, 0x61, - 0x4f, 0xc3, 0xff, 0x03, 0xe3, 0xc5, 0x22, 0xfa, 0x49, 0xc4, 0xad, 0x61, 0xaa, 0xda, 0xc6, 0x6e, - 0xac, 0x61, 0x3a, 0x4b, 0x90, 0x58, 0x40, 0xbd, 0xd7, 0x2a, 0x0d, 0xda, 0x43, 0xe0, 0x15, 0x79, - 0x4e, 0x80, 0xbc, 0x10, 0xee, 0x68, 0xb9, 0x45, 0x87, 0x26, 0xb7, 0x18, 0x7f, 0x91, 0xe5, 0x8f, - 0x15, 0x8b, 0xe4, 0x77, 0x51, 0xb7, 0xc8, 0xb2, 0x4b, 0xb0, 0x9b, 0x5a, 0xc5, 0xd6, 0xe2, 0xab, - 0xa9, 0xb8, 0xc1, 0xdb, 0x18, 0xff, 0x56, 0xd5, 0xdc, 0x2a, 0xd5, 0x02, 0x28, 0x63, 0xbc, 0x7e, - 0x1b, 0xa5, 0xd9, 0x9a, 0x4d, 0xda, 0xe3, 0x74, 0x67, 0x73, 0x9a, 0xa2, 0xdd, 0xc2, 0x2e, 0xba, - 0x5a, 0x7c, 0x2e, 0xbc, 0x98, 0x86, 0xe8, 0x8a, 0xa9, 0xa0, 0x9f, 0x04, 0x98, 0x0e, 0xf9, 0xb8, - 0x75, 0xbd, 0xcf, 0x8f, 0x6b, 0xd9, 0xd0, 0xef, 0x2e, 0xc9, 0x77, 0x86, 0x06, 0xd5, 0xda, 0x00, - 0x75, 0x3c, 0xe4, 0xfb, 0x0d, 0x8f, 0xe3, 0xc1, 0x50, 0x5c, 0x8e, 0x6f, 0xfd, 0xb5, 0x04, 0x7d, - 0x21, 0xc0, 0xfe, 0xf6, 0x4f, 0x25, 0x6f, 0xf2, 0x2c, 0xe1, 0xd9, 0x27, 0xaf, 0x0c, 0x66, 0xcf, - 0xfc, 0xfa, 0x59, 0x80, 0x23, 0xe1, 0x5f, 0x0f, 0x96, 0xf9, 0x19, 0xec, 0x46, 0x4b, 0xde, 0x1a, - 0x26, 0x9a, 0x6f, 0x07, 0xe1, 0xfd, 0xf1, 0x65, 0x7e, 0x2a, 0x87, 0xb4, 0x83, 0x6d, 0x9b, 0xcd, - 0xe8, 0x4b, 0x01, 0x26, 0x3b, 0x3a, 0xcd, 0x05, 0x8e, 0x85, 0xfc, 0x10, 0xc9, 0xeb, 0x03, 0x43, - 0x30, 0x07, 0xbf, 0x17, 0xe0, 0x50, 0x70, 0x03, 0xf5, 0x1a, 0xd7, 0x22, 0x01, 0x48, 0xc9, 0xd5, - 0x61, 0x21, 0x31, 0xaf, 0xff, 0x10, 0xe0, 0xf8, 0xf6, 0x4d, 0xc6, 0x5b, 0x7c, 0x07, 0x69, 0x6b, - 0xd4, 0xe4, 0x07, 0x2f, 
0x03, 0x95, 0xed, 0xec, 0xa9, 0x00, 0x27, 0x7b, 0x6a, 0x15, 0xbd, 0xcb, - 0xe1, 0x46, 0x2f, 0xc0, 0xc9, 0xbb, 0x2f, 0x09, 0xd8, 0xb7, 0xc5, 0x9e, 0x9a, 0x12, 0x3c, 0x5b, - 0xec, 0x05, 0x98, 0x6b, 0x8b, 0xfd, 0xf4, 0x07, 0xd0, 0xa7, 0x02, 0x8c, 0x7b, 0xcd, 0x81, 0x37, - 0x78, 0x14, 0xd3, 0xb2, 0x4e, 0x16, 0x07, 0xb1, 0x66, 0x1e, 0x3d, 0x12, 0x00, 0x05, 0x14, 0xe0, - 0x6f, 0xf3, 0x89, 0xb9, 0x03, 0x26, 0xb9, 0x32, 0x14, 0x98, 0x8e, 0xac, 0xe9, 0xab, 0x6d, 0xf9, - 0xb2, 0x66, 0x3b, 0x04, 0x67, 0xd6, 0x0c, 0x2a, 0x2f, 0xa9, 0x83, 0x1d, 0xb5, 0x65, 0x61, 0xa0, - 0x10, 0x70, 0x3b, 0x18, 0x5c, 0xb5, 0xb9, 0x69, 0x3d, 0xa8, 0x64, 0xbb, 0xc6, 0xfd, 0xec, 0xe8, - 0x40, 0xe2, 0x4c, 0xeb, 0x5b, 0xd4, 0x24, 0xe8, 0x1b, 0x01, 0x0e, 0x76, 0x17, 0x24, 0xc5, 0x41, - 0xd6, 0x61, 0xde, 0x2e, 0x0f, 0x03, 0xa5, 0xe5, 0xe9, 0xd2, 0x87, 0xbf, 0x3e, 0x4b, 0x09, 0x4f, - 0x9e, 0xa5, 0x84, 0xa7, 0xcf, 0x52, 0xc2, 0x67, 0xcf, 0x53, 0xfb, 0x9e, 0x3c, 0x4f, 0xed, 0xfb, - 0xf3, 0x79, 0x6a, 0xdf, 0xfb, 0x45, 0x85, 0x58, 0xf7, 0xeb, 0xe5, 0x6c, 0x45, 0xab, 0xe6, 0x9c, - 0x15, 0xe7, 0x5a, 0x4b, 0xe6, 0xda, 0x96, 0x9c, 0xf3, 0xd6, 0x9c, 0x73, 0x16, 0xcd, 0x3d, 0xc8, - 0xd1, 0x7f, 0xc2, 0x6d, 0xea, 0xd8, 0x2c, 0x8f, 0xd0, 0x3f, 0xab, 0x9d, 0xfd, 0x27, 0x00, 0x00, - 0xff, 0xff, 0xb7, 0xd1, 0xd2, 0x13, 0x1d, 0x27, 0x00, 0x00, + // 1505 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdd, 0x6f, 0xd3, 0x56, + 0x14, 0xc7, 0xf9, 0xe8, 0xc7, 0x69, 0xa9, 0xc4, 0x5d, 0x29, 0x26, 0xb0, 0x24, 0x18, 0x04, 0x95, + 0xd6, 0x26, 0xa5, 0x90, 0x0e, 0xd0, 0xd8, 0x94, 0x92, 0xf1, 0x21, 0x5a, 0xd4, 0xb9, 0xc0, 0xa6, + 0x69, 0x1a, 0x72, 0xe2, 0x8b, 0xb9, 0xab, 0x13, 0x7b, 0xb6, 0x53, 0x51, 0xde, 0xf6, 0x17, 0x0c, + 0x69, 0xda, 0xeb, 0xde, 0xb6, 0x49, 0x48, 0x43, 0x9a, 0xf6, 0xf1, 0xba, 0xd7, 0xbd, 0x4c, 0x42, + 0x7b, 0xd9, 0x9e, 0x22, 0x04, 0x2f, 0x93, 0x78, 0xcb, 0x5f, 0x30, 0xf9, 0xda, 0xb1, 0xe3, 0xc4, + 0x6e, 0x93, 0xdb, 0x74, 0xea, 0x4a, 0xdf, 0xec, 
0x9b, 0x7b, 0x7e, 0xf7, 0xdc, 0xf3, 0xfb, 0x9d, + 0x63, 0x9f, 0xeb, 0xc0, 0xb8, 0xbe, 0x46, 0xf2, 0xd6, 0xc3, 0x9c, 0x6e, 0x68, 0x96, 0x86, 0x72, + 0x8f, 0x88, 0x52, 0xc6, 0x58, 0x52, 0x55, 0x22, 0xd5, 0x2a, 0x38, 0x27, 0x13, 0xd3, 0x32, 0x48, + 0xb9, 0x6e, 0x61, 0xb9, 0xa2, 0x55, 0x75, 0x67, 0x54, 0xc5, 0xb2, 0x82, 0x8d, 0x9c, 0xbe, 0x46, + 0x52, 0x47, 0x2b, 0x9a, 0x59, 0xd5, 0xcc, 0x7b, 0xd4, 0x3a, 0xef, 0xdc, 0x38, 0x50, 0xa9, 0x49, + 0x45, 0x53, 0x34, 0x67, 0xdc, 0xbe, 0x72, 0x46, 0x85, 0xa7, 0x71, 0x38, 0xba, 0x6c, 0x2a, 0x2b, + 0x86, 0xa6, 0x6b, 0x26, 0x2e, 0xca, 0xf2, 0x47, 0x85, 0xb9, 0x8b, 0xa2, 0xa6, 0x59, 0x57, 0xb0, + 0x61, 0xa1, 0x6b, 0x30, 0x64, 0x12, 0xa5, 0x86, 0x0d, 0x9e, 0xcb, 0x72, 0xd3, 0xa3, 0x8b, 0xf9, + 0x66, 0x23, 0xf3, 0xc6, 0xba, 0xa4, 0x12, 0x59, 0xb2, 0xf0, 0x25, 0xc1, 0xc0, 0x9f, 0xd7, 0x89, + 0x81, 0x65, 0xe1, 0xcf, 0x9f, 0x67, 0x27, 0xdd, 0xc5, 0x8a, 0xb2, 0x6c, 0x60, 0xd3, 0x5c, 0xb5, + 0x0c, 0x52, 0x53, 0x44, 0xd7, 0x1c, 0x5d, 0x80, 0x44, 0x05, 0x1b, 0x16, 0x1f, 0xa3, 0x30, 0xa7, + 0x9a, 0x8d, 0x4c, 0xb6, 0x1b, 0x66, 0xa6, 0x2a, 0x3d, 0xbc, 0x7c, 0x76, 0xee, 0xfc, 0x85, 0xc2, + 0xdb, 0x0b, 0x73, 0x82, 0x48, 0x2d, 0xd0, 0x5b, 0x90, 0x20, 0xb5, 0xfb, 0x1a, 0x1f, 0xa7, 0x96, + 0x47, 0x82, 0x0e, 0xd8, 0x06, 0xe7, 0xe7, 0x2e, 0x2e, 0x08, 0x22, 0x9d, 0x84, 0x10, 0x24, 0x2c, + 0x52, 0xc5, 0x7c, 0x22, 0xcb, 0x4d, 0xc7, 0x45, 0x7a, 0x8d, 0x2e, 0x42, 0x7c, 0x9d, 0xc8, 0x7c, + 0x32, 0xcb, 0x4d, 0x27, 0x17, 0xcf, 0x34, 0x1b, 0x99, 0x93, 0xbe, 0xbd, 0x62, 0xe1, 0xcb, 0x67, + 0x67, 0x54, 0x0b, 0x5f, 0x5e, 0x28, 0x14, 0xce, 0x15, 0x66, 0xbc, 0x0d, 0x89, 0xb6, 0x0d, 0x5a, + 0x82, 0x43, 0xb6, 0x0f, 0xab, 0x95, 0x07, 0xb8, 0x2a, 0xdd, 0xc5, 0x86, 0x49, 0xb4, 0x1a, 0x3f, + 0x94, 0xe5, 0xa6, 0x0f, 0x2e, 0xa6, 0x9b, 0x8d, 0x4c, 0x2a, 0x08, 0x34, 0xe7, 0x03, 0x09, 0x62, + 0xb7, 0x21, 0x2a, 0xc1, 0x41, 0x33, 0x80, 0x34, 0xdc, 0x13, 0x52, 0xd0, 0x48, 0x38, 0x09, 0x27, + 0x22, 0xf9, 0x12, 0xb1, 0xa9, 0x6b, 0x35, 0x13, 0x0b, 0xdf, 0xc5, 0x28, 0xab, 0x45, 
0x5d, 0x37, + 0xb4, 0xf5, 0x9d, 0x63, 0xf5, 0x12, 0x0c, 0x9b, 0xf5, 0xf2, 0x67, 0xb8, 0xd2, 0x22, 0x36, 0xdb, + 0x6c, 0x64, 0x8e, 0x47, 0x12, 0x3b, 0x7f, 0x5e, 0x10, 0x5b, 0x06, 0xe8, 0x0a, 0x8c, 0xbb, 0x97, + 0x37, 0xf1, 0xc6, 0x0d, 0xd9, 0xe5, 0x37, 0xd3, 0x6c, 0x64, 0x8e, 0x45, 0x00, 0xcc, 0x17, 0x16, + 0x04, 0x31, 0x60, 0xe4, 0x89, 0x23, 0xd1, 0x8f, 0x38, 0x92, 0xbe, 0x38, 0xdc, 0x68, 0x86, 0xc7, + 0xc9, 0x8b, 0xe6, 0x3f, 0x31, 0x98, 0xb0, 0x67, 0x39, 0x3f, 0xef, 0x99, 0xc4, 0x08, 0x55, 0x77, + 0x72, 0x60, 0xea, 0x1e, 0x62, 0x51, 0x37, 0x0f, 0x53, 0xc1, 0x48, 0x7b, 0x24, 0xfc, 0x12, 0x87, + 0xe3, 0xbe, 0xf0, 0x45, 0xbc, 0xae, 0xad, 0xe1, 0x7d, 0x55, 0x87, 0xaa, 0x1a, 0x09, 0x30, 0x6e, + 0x62, 0x83, 0x48, 0xea, 0xad, 0x7a, 0xb5, 0x8c, 0x0d, 0x4a, 0xc5, 0xa8, 0x18, 0x18, 0x43, 0x59, + 0x18, 0x33, 0x68, 0x10, 0xaf, 0x3c, 0x20, 0xaa, 0x4c, 0x6b, 0xd1, 0x88, 0xd8, 0x3e, 0xd4, 0xcd, + 0xe8, 0x08, 0x0b, 0xa3, 0xa7, 0xe1, 0xd4, 0x66, 0xb4, 0x79, 0xfc, 0xfe, 0x11, 0xa3, 0xfc, 0xba, + 0xa9, 0xf8, 0x5a, 0xf0, 0x9b, 0xec, 0x87, 0xdf, 0xa1, 0x4d, 0xf8, 0x1d, 0xee, 0xe6, 0xd7, 0x8d, + 0x7b, 0x64, 0x38, 0xbd, 0xb8, 0x3f, 0x89, 0xc3, 0xa1, 0x65, 0x53, 0xf1, 0x67, 0xec, 0x27, 0xd3, + 0xee, 0x4d, 0xa6, 0x63, 0xf4, 0xb1, 0x1e, 0xe4, 0xca, 0x63, 0xf2, 0x55, 0x0c, 0x78, 0xfa, 0xab, + 0xbd, 0xf9, 0xfd, 0x67, 0x7e, 0x24, 0xa1, 0x83, 0x79, 0x52, 0x09, 0x90, 0x8d, 0x0a, 0xb6, 0xc7, + 0xc8, 0xd3, 0x21, 0x27, 0x09, 0x65, 0x79, 0x65, 0x8d, 0xd8, 0xac, 0x55, 0x24, 0x8b, 0x68, 0xb5, + 0x52, 0xeb, 0x25, 0x9e, 0x68, 0xb5, 0x15, 0x8d, 0xd4, 0x06, 0xc8, 0x8e, 0xfb, 0xb2, 0x1b, 0x63, + 0x78, 0xd9, 0x9d, 0x83, 0xb8, 0x4e, 0x1c, 0x4e, 0x92, 0x5b, 0x06, 0xc3, 0x9e, 0x8a, 0x26, 0x21, + 0x49, 0xcc, 0x95, 0x62, 0x91, 0x52, 0x31, 0x22, 0x3a, 0x37, 0x68, 0x16, 0x92, 0xaa, 0x54, 0xc6, + 0x6a, 0x78, 0x79, 0xf3, 0x17, 0x75, 0x66, 0xa1, 0x9b, 0x30, 0x59, 0x31, 0xd4, 0x55, 0xea, 0xbe, + 0x1d, 0x3c, 0x72, 0x9f, 0x54, 0x24, 0xcb, 0xa9, 0x77, 0x9b, 0x58, 0x87, 0x1a, 0xa1, 0x6b, 0x80, + 0x88, 0x69, 0xd6, 0xb1, 
0xb1, 0xea, 0x2b, 0xa6, 0xe4, 0x94, 0xc7, 0x68, 0xa8, 0x10, 0x13, 0x54, + 0x80, 0x61, 0x59, 0xb2, 0xa4, 0x3b, 0xe2, 0x12, 0x4d, 0xd4, 0xd1, 0xc5, 0x63, 0xcd, 0x46, 0xe6, + 0x48, 0x88, 0x48, 0xeb, 0x86, 0x2a, 0x88, 0xad, 0xb9, 0x76, 0xad, 0xb0, 0x2f, 0xaf, 0x12, 0x15, + 0xaf, 0x92, 0x47, 0x98, 0x1f, 0xcd, 0x72, 0xd3, 0x09, 0x31, 0x30, 0x86, 0xd2, 0x00, 0xf6, 0x7d, + 0x89, 0x28, 0xd8, 0xb4, 0x78, 0xa0, 0xd5, 0xa4, 0x6d, 0x04, 0x9d, 0x86, 0x09, 0xff, 0xee, 0xf6, + 0x86, 0x8e, 0xf9, 0x31, 0x5b, 0x9f, 0x62, 0xc7, 0x28, 0x7a, 0x0f, 0x26, 0x0c, 0x4f, 0x52, 0x74, + 0xde, 0x38, 0xd5, 0x71, 0xe4, 0x3e, 0x3b, 0xa6, 0x77, 0xe7, 0xc1, 0x41, 0x86, 0x3c, 0x40, 0x37, + 0x01, 0x79, 0x54, 0x94, 0xb0, 0x8a, 0x15, 0xc9, 0xd2, 0x0c, 0x7e, 0x22, 0x2c, 0x68, 0xc1, 0xb7, + 0xd8, 0x10, 0x33, 0x21, 0x07, 0x33, 0xbd, 0xe4, 0x8b, 0x97, 0x60, 0x8f, 0x93, 0x70, 0x66, 0xd9, + 0x54, 0xee, 0xe8, 0xf6, 0x02, 0xff, 0x83, 0x1c, 0xf3, 0x72, 0x23, 0xde, 0x53, 0x6e, 0xcc, 0x47, + 0xe4, 0x06, 0x2d, 0x7d, 0x7d, 0xa5, 0x40, 0xb2, 0xff, 0x14, 0x58, 0xf0, 0x53, 0xc0, 0xc9, 0xc5, + 0xe3, 0xcd, 0x46, 0x86, 0xf7, 0xad, 0xb5, 0x2a, 0xb1, 0x70, 0x55, 0xb7, 0x36, 0xb6, 0xc8, 0x81, + 0xe1, 0x2d, 0x73, 0x60, 0xa4, 0x87, 0x1c, 0x18, 0x0d, 0xcd, 0x81, 0x2e, 0x09, 0xc3, 0xe0, 0x24, + 0x3c, 0xc6, 0x26, 0xe1, 0xb3, 0x90, 0xef, 0x51, 0x91, 0x9e, 0x8a, 0xbf, 0x8d, 0x51, 0x15, 0xdb, + 0x18, 0x7b, 0x51, 0xc5, 0xe1, 0x8a, 0x4c, 0xf4, 0xad, 0x48, 0x37, 0xb4, 0xbd, 0x84, 0xc9, 0x0b, + 0xed, 0x57, 0x31, 0x18, 0xb7, 0x2b, 0x8a, 0x69, 0xef, 0xfa, 0x2e, 0x91, 0xf7, 0xd0, 0x7b, 0x90, + 0x4b, 0x60, 0xa2, 0x7f, 0x02, 0x85, 0x29, 0x98, 0x6c, 0x0f, 0x8a, 0xff, 0xbe, 0x12, 0x83, 0xc3, + 0x4e, 0xfd, 0xbd, 0xa5, 0x55, 0x76, 0xdb, 0x41, 0x60, 0xe8, 0x71, 0x45, 0x62, 0x60, 0xc7, 0x15, + 0x49, 0x96, 0x97, 0xc0, 0x0c, 0xbc, 0x19, 0x1a, 0x2f, 0x2f, 0xa2, 0x5f, 0xc4, 0xdc, 0xee, 0xaa, + 0xaa, 0xad, 0xef, 0xc5, 0xee, 0xaa, 0xb3, 0x39, 0x4a, 0x84, 0x74, 0xa2, 0xad, 0xa6, 0xa5, 0x3d, + 0x04, 0x7e, 0xfb, 0xe9, 0x04, 0xc8, 0x0f, 0xe1, 0xae, 0x96, 
0x5b, 0x7c, 0x60, 0x72, 0x4b, 0xb0, + 0xb7, 0x7f, 0xc1, 0x58, 0x79, 0x91, 0xfc, 0x31, 0xee, 0xb6, 0x7f, 0x76, 0x73, 0x78, 0x4b, 0xab, + 0xd8, 0x5a, 0x7c, 0x3d, 0x15, 0xb7, 0xfd, 0x03, 0x96, 0xff, 0xaa, 0x9f, 0x6f, 0x35, 0x91, 0x21, + 0x94, 0x79, 0xbc, 0xfe, 0x10, 0xa7, 0xd5, 0xda, 0x9b, 0xb4, 0xcf, 0xe9, 0xee, 0xe6, 0x34, 0x4d, + 0xcf, 0x31, 0xbb, 0xe8, 0x6a, 0xf1, 0x39, 0xff, 0x6a, 0x0a, 0xe2, 0xcb, 0xa6, 0x82, 0x7e, 0xe5, + 0x60, 0x2a, 0xe2, 0xb3, 0xdb, 0x8d, 0x3e, 0x3f, 0xfb, 0xe5, 0x22, 0xbf, 0x08, 0xa5, 0x3e, 0x18, + 0x18, 0x54, 0x6b, 0x03, 0xd4, 0xf1, 0x88, 0x2f, 0x4b, 0x2c, 0x8e, 0x87, 0x43, 0x31, 0x39, 0xbe, + 0xf9, 0x77, 0x1c, 0xf4, 0x35, 0x07, 0x63, 0xed, 0x1f, 0x71, 0xde, 0x65, 0x59, 0xc2, 0xb7, 0x4f, + 0x5d, 0xdd, 0x9e, 0xbd, 0xe7, 0xd7, 0x6f, 0x1c, 0x1c, 0x8d, 0xfe, 0xae, 0xb1, 0xc4, 0xce, 0x60, + 0x37, 0x5a, 0xea, 0xf6, 0x20, 0xd1, 0x02, 0x3b, 0x88, 0x3e, 0xb9, 0x5f, 0x62, 0xa7, 0x72, 0x40, + 0x3b, 0xd8, 0xf2, 0x18, 0x1c, 0x7d, 0xc3, 0xc1, 0x44, 0xc7, 0x19, 0x78, 0x91, 0x61, 0xa1, 0x20, + 0x44, 0xea, 0xc6, 0xb6, 0x21, 0x3c, 0x07, 0x7f, 0xe2, 0xe0, 0x70, 0xf8, 0xd1, 0xee, 0x75, 0xa6, + 0x45, 0x42, 0x90, 0x52, 0x2b, 0x83, 0x42, 0xf2, 0xbc, 0xfe, 0x8b, 0x83, 0x13, 0x5b, 0x1f, 0x7f, + 0xde, 0x66, 0x4b, 0xa4, 0xcd, 0x51, 0x53, 0x9f, 0xec, 0x04, 0xaa, 0xb7, 0xb3, 0xe7, 0x1c, 0x9c, + 0xea, 0xe9, 0xdc, 0xe9, 0x43, 0x06, 0x37, 0x7a, 0x01, 0x4e, 0xdd, 0xdb, 0x21, 0xe0, 0xc0, 0x16, + 0x7b, 0x3a, 0x94, 0x60, 0xd9, 0x62, 0x2f, 0xc0, 0x4c, 0x5b, 0xec, 0xe7, 0x7c, 0x00, 0x7d, 0xc9, + 0xc1, 0xa8, 0x7f, 0x38, 0xf0, 0x0e, 0x8b, 0x62, 0x5a, 0xd6, 0xa9, 0xd2, 0x76, 0xac, 0x3d, 0x8f, + 0x9e, 0x70, 0x80, 0x42, 0x1a, 0xf0, 0xf7, 0xd9, 0xc4, 0xdc, 0x01, 0x93, 0x5a, 0x1e, 0x08, 0x4c, + 0x47, 0xd5, 0x0c, 0xf4, 0xb6, 0x6c, 0x55, 0xb3, 0x1d, 0x82, 0xb1, 0x6a, 0x86, 0xb5, 0x97, 0xd4, + 0xc1, 0x8e, 0xde, 0xb2, 0xb8, 0xad, 0x10, 0x30, 0x3b, 0x18, 0xde, 0xb5, 0xb9, 0x65, 0x3d, 0xac, + 0x65, 0xbb, 0xce, 0xfc, 0xec, 0xe8, 0x40, 0x62, 0x2c, 0xeb, 0x9b, 0xf4, 0x24, 0xe8, 0x7b, 0x0e, + 
0x0e, 0x75, 0x37, 0x24, 0xa5, 0xed, 0xac, 0xe3, 0x79, 0xbb, 0x34, 0x08, 0x94, 0x96, 0xa7, 0x8b, + 0x9f, 0xfe, 0xfe, 0x22, 0xcd, 0x3d, 0x7b, 0x91, 0xe6, 0x9e, 0xbf, 0x48, 0x73, 0x8f, 0x5f, 0xa6, + 0x0f, 0x3c, 0x7b, 0x99, 0x3e, 0xf0, 0xf7, 0xcb, 0xf4, 0x81, 0x8f, 0x4b, 0x0a, 0xb1, 0x1e, 0xd4, + 0xcb, 0xb9, 0x8a, 0x56, 0xcd, 0x3b, 0x2b, 0xce, 0xb6, 0x96, 0xcc, 0xb7, 0x2d, 0x39, 0xeb, 0xaf, + 0x39, 0xeb, 0x2c, 0x9a, 0x7f, 0x98, 0xa7, 0xff, 0xd1, 0xdb, 0xd0, 0xb1, 0x59, 0x1e, 0xa2, 0x7f, + 0xa3, 0x3b, 0xf7, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x6b, 0xee, 0x4b, 0x70, 0xb7, 0x27, 0x00, + 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -3431,6 +3449,13 @@ func (m *MsgAddPkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []byte) _ = i var l int _ = l + if len(m.CrlSignerDelegator) > 0 { + i -= len(m.CrlSignerDelegator) + copy(dAtA[i:], m.CrlSignerDelegator) + i = encodeVarintTx(dAtA, i, uint64(len(m.CrlSignerDelegator))) + i-- + dAtA[i] = 0x72 + } if m.SchemaVersion != 0 { i = encodeVarintTx(dAtA, i, uint64(m.SchemaVersion)) i-- @@ -3559,6 +3584,13 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []by _ = i var l int _ = l + if len(m.CrlSignerDelegator) > 0 { + i -= len(m.CrlSignerDelegator) + copy(dAtA[i:], m.CrlSignerDelegator) + i = encodeVarintTx(dAtA, i, uint64(len(m.CrlSignerDelegator))) + i-- + dAtA[i] = 0x5a + } if m.SchemaVersion != 0 { i = encodeVarintTx(dAtA, i, uint64(m.SchemaVersion)) i-- @@ -4562,6 +4594,10 @@ func (m *MsgAddPkiRevocationDistributionPoint) Size() (n int) { if m.SchemaVersion != 0 { n += 1 + sovTx(uint64(m.SchemaVersion)) } + l = len(m.CrlSignerDelegator) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } @@ -4616,6 +4652,10 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) Size() (n int) { if m.SchemaVersion != 0 { n += 1 + sovTx(uint64(m.SchemaVersion)) } + l = len(m.CrlSignerDelegator) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } 
@@ -7200,6 +7240,38 @@ func (m *MsgAddPkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error { break } } + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:]) @@ -7568,6 +7640,38 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error { break } } + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:])