Added index for all certificates by subject key id

zigbee-alliance · Nov 13, 2024 · 7c3bd26 · 7c3bd26
1 parent f2c4fd6
commit 7c3bd26
Show file tree

Hide file tree

Showing 34 changed files with 1,283 additions and 257 deletions.
diff --git a/integration_tests/cli/pki-combine-certs.sh b/integration_tests/cli/pki-combine-certs.sh
@@ -283,6 +283,41 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id
 
 test_divider
 
+echo "Request certificates by subject key id"
+echo "Request DA certificate using global command"
+result=$(dcld query pki certs --subject-key-id="$da_root_subject_key_id")
+echo $result | jq
+check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
+
+echo "Request NOC certificate using global command"
+result=$(dcld query pki certs --subject-key-id="$noc_root_subject_key_id")
+echo $result | jq
+check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
+
+echo "Request DA certificate"
+result=$(dcld query pki x509-cert --subject-key-id="$da_root_subject_key_id")
+echo $result | jq
+check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
+
+echo "Request NOC certificate using DA command (must be empty)"
+result=$(dcld query pki x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
+echo $result | jq
+check_response "$result" "Not Found"
+response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
+
+echo "Request NOC Root certificate"
+result=$(dcld query pki noc-x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
+echo $result | jq
+check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""
+
+echo "Request DA certificate using NOC command (must be empty)"
+result=$(dcld query pki noc-x509-cert --subject="$da_root_subject" --subject-key-id="$da_root_subject_key_id")
+echo $result | jq
+check_response "$result" "Not Found"
+response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""
+
+test_divider
+
 echo "Request DA certificates by subject using global command"
 result=$(dcld query pki all-subject-certs --subject=$da_root_subject)
 echo $result | jq

diff --git a/integration_tests/upgrade/04-test-upgrade-1.4.3-to-1.4.4.sh b/integration_tests/upgrade/04-test-upgrade-1.4.3-to-1.4.4.sh
@@ -493,6 +493,21 @@ result=$(dcld query pki noc-x509-cert --subject="$noc_root_cert_1_subject_for_1_
 check_response "$result" "Not Found"
 
 echo "Get all x509 certificates by subjectKeyId"
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id="$root_cert_with_vid_subject_key_id_for_1_4_3")
+check_response "$result" "$root_cert_with_vid_subject_for_1_4_3"
+check_response "$result" "\"subjectKeyId\": \"$root_cert_with_vid_subject_key_id_for_1_4_3\""
+
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id="$test_root_cert_subject_key_id_for_1_2")
+check_response "$result" "$test_root_cert_subject_for_1_2"
+check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id_for_1_2\""
+
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id="$test_root_cert_subject_key_id")
+check_response "$result" "$test_root_cert_subject"
+check_response "$result" "\"subjectKeyId\": \"$test_root_cert_subject_key_id\""
+
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id="$noc_root_cert_1_subject_key_id_for_1_4_3")
+check_response "$result" "Not Found"
+
 result=$($DCLD_BIN_NEW query pki x509-cert --subject-key-id="$root_cert_with_vid_subject_key_id_for_1_4_3")
 check_response "$result" "$root_cert_with_vid_subject_for_1_4_3"
 check_response "$result" "\"subjectKeyId\": \"$root_cert_with_vid_subject_key_id_for_1_4_3\""
@@ -1490,11 +1505,18 @@ check_response "$result" "Not Found"
 
 echo "Get all certificates by SKID"
 
+echo "Get all certificates by SKID (Global)"
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id=$da_root_cert_2_subject_key_id_for_1_4_4)
+check_response "$result" "\"subjectKeyId\": \"$da_root_cert_2_subject_key_id_for_1_4_4\""
+
+result=$($DCLD_BIN_NEW query pki cert --subject-key-id=$noc_root_cert_2_subject_key_id_for_1_4_4)
+check_response "$result" "\"subjectKeyId\": \"$noc_root_cert_2_subject_for_1_4_4\""
+
 echo "Get all certificates by SKID (DA)"
 result=$($DCLD_BIN_NEW query pki x509-cert --subject-key-id=$da_root_cert_2_subject_key_id_for_1_4_4)
 check_response "$result" "\"subjectKeyId\": \"$da_root_cert_2_subject_key_id_for_1_4_4\""
 
-result=$($DCLD_BIN_NEW query pki x509-cert --subject-key-id=$noc_root_cert_2_subject_for_1_4_4)
+result=$($DCLD_BIN_NEW query pki x509-cert --subject-key-id=$noc_root_cert_2_subject_key_id_for_1_4_4)
 check_response "$result" "Not Found"
 
 echo "Get all certificates by SKID (NOC)"

diff --git a/...o/zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject_key_id.proto b/...o/zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject_key_id.proto
@@ -0,0 +1,14 @@
+syntax = "proto3";
+package zigbeealliance.distributedcomplianceledger.pki;
+
+option go_package = "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types";
+
+import "zigbeealliance/distributedcomplianceledger/pki/certificate.proto";
+
+message AllCertificatesBySubjectKeyId {
+  string subjectKeyId = 1;
+  repeated Certificate certs = 2;
+  uint32 schemaVersion = 3;
+
+}
+
diff --git a/proto/zigbeealliance/distributedcomplianceledger/pki/genesis.proto b/proto/zigbeealliance/distributedcomplianceledger/pki/genesis.proto
@@ -24,6 +24,8 @@ import "zigbeealliance/distributedcomplianceledger/pki/noc_certificates_by_vid_a
 import "zigbeealliance/distributedcomplianceledger/pki/noc_certificates_by_subject.proto";
 import "zigbeealliance/distributedcomplianceledger/pki/all_certificates.proto";
 import "zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject.proto";
+import "zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject_key_id.proto";
+
 // this line is used by starport scaffolding # genesis/proto/import
 import "gogoproto/gogo.proto";
 
@@ -54,5 +56,6 @@ message GenesisState {
   repeated AllCertificates certificatesList = 21 [(gogoproto.nullable) = false];
   repeated RevokedNocIcaCertificates revokedNocIcaCertificatesList = 22 [(gogoproto.nullable) = false];
   repeated AllCertificatesBySubject allCertificatesBySubjectList = 23 [(gogoproto.nullable) = false];
+  repeated AllCertificatesBySubjectKeyId allCertificatesBySubjectKeyIdList = 24 [(gogoproto.nullable) = false];
   // this line is used by starport scaffolding # genesis/proto/state
 }
diff --git a/proto/zigbeealliance/distributedcomplianceledger/pki/query.proto b/proto/zigbeealliance/distributedcomplianceledger/pki/query.proto
@@ -197,6 +197,7 @@ service Query {
 
 message QueryAllCertificatesRequest {
   cosmos.base.query.v1beta1.PageRequest pagination = 1;
+  string subjectKeyId = 2;
 }
 
 message QueryAllCertificatesResponse {

diff --git a/x/pki/client/cli/query_all_certificates.go b/x/pki/client/cli/query_all_certificates.go
@@ -58,7 +58,7 @@ func CmdShowCertificates() *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use: "cert",
-		Short: "Gets certificate by the given combination of subject and subject-key-id. " +
+		Short: "Gets certificate by the given combination of subject and subject-key-id or just subject-key-id. " +
 			"This query works for all types of certificates (PAA, PAI, RCAC, ICAC).",
 		Args: cobra.ExactArgs(0),
 		RunE: func(cmd *cobra.Command, args []string) (err error) {
@@ -67,13 +67,24 @@ func CmdShowCertificates() *cobra.Command {
 				return err
 			}
 
-			var res types.AllCertificates
+			if subject != "" {
+				var res types.AllCertificates
+
+				return cli.QueryWithProof(
+					clientCtx,
+					pkitypes.StoreKey,
+					types.AllCertificatesKeyPrefix,
+					types.AllCertificatesKey(subject, subjectKeyID),
+					&res,
+				)
+			}
+			var res types.AllCertificatesBySubjectKeyId
 
 			return cli.QueryWithProof(
 				clientCtx,
 				pkitypes.StoreKey,
-				types.AllCertificatesKeyPrefix,
-				types.AllCertificatesKey(subject, subjectKeyID),
+				types.AllCertificatesBySubjectKeyIDKeyPrefix,
+				types.AllCertificatesBySubjectKeyIDKey(subjectKeyID),
 				&res,
 			)
 		},

diff --git a/x/pki/genesis.go b/x/pki/genesis.go
@@ -101,6 +101,9 @@ func InitGenesis(ctx sdk.Context, k keeper.Keeper, genState types.GenesisState)
 	for _, elem := range genState.AllCertificatesBySubjectList {
 		k.SetAllCertificatesBySubject(ctx, elem)
 	}
+	for _, elem := range genState.AllCertificatesBySubjectKeyIdList {
+		k.SetAllCertificatesBySubjectKeyID(ctx, elem)
+	}
 	// this line is used by starport scaffolding # genesis/module/init
 }
 
@@ -139,6 +142,7 @@ func ExportGenesis(ctx sdk.Context, k keeper.Keeper) *types.GenesisState {
 	genesis.CertificatesList = k.GetAllAllCertificates(ctx)
 	genesis.RevokedNocIcaCertificatesList = k.GetAllRevokedNocIcaCertificates(ctx)
 	genesis.AllCertificatesBySubjectList = k.GetAllAllCertificatesBySubject(ctx)
+	genesis.AllCertificatesBySubjectKeyIdList = k.GetAllAllCertificatesBySubjectKeyID(ctx)
 	// this line is used by starport scaffolding # genesis/module/export
 
 	return genesis

diff --git a/x/pki/genesis_test.go b/x/pki/genesis_test.go
@@ -224,6 +224,14 @@ func TestGenesis(t *testing.T) {
 				Subject: "1",
 			},
 		},
+		AllCertificatesBySubjectKeyIdList: []types.AllCertificatesBySubjectKeyId{
+			{
+				SubjectKeyId: "0",
+			},
+			{
+				SubjectKeyId: "1",
+			},
+		},
 		// this line is used by starport scaffolding # genesis/test/state
 	}
 
@@ -255,5 +263,7 @@ func TestGenesis(t *testing.T) {
 	require.ElementsMatch(t, genesisState.CertificatesList, got.CertificatesList)
 	require.ElementsMatch(t, genesisState.RevokedNocIcaCertificatesList, got.RevokedNocIcaCertificatesList)
 	require.ElementsMatch(t, genesisState.AllCertificatesBySubjectList, got.AllCertificatesBySubjectList)
+	require.ElementsMatch(t, genesisState.AllCertificatesBySubjectKeyIdList, got.AllCertificatesBySubjectKeyIdList)
+	require.ElementsMatch(t, genesisState.AllCertificatesBySubjectKeyIdList, got.AllCertificatesBySubjectKeyIdList)
 	// this line is used by starport scaffolding # genesis/test/assert
 }
diff --git a/x/pki/handler_test.go b/x/pki/handler_test.go
@@ -225,14 +225,14 @@ func queryProposedCertificate(
 	return &resp.ProposedCertificate, nil
 }
 
-func queryAllApprovedCertificates(setup *TestSetup) ([]types.ApprovedCertificates, error) {
+func queryAllNocCertificates(setup *TestSetup) ([]types.NocCertificates, error) {
 	// query all certificates
-	return _queryAllApprovedCertificates(setup, "")
+	return _queryAllNocCertificates(setup, "")
 }
 
-func queryAllNocCertificates(setup *TestSetup) ([]types.NocCertificates, error) {
+func queryAllApprovedCertificates(setup *TestSetup) ([]types.ApprovedCertificates, error) {
 	// query all certificates
-	return _queryAllNocCertificates(setup, "")
+	return _queryAllApprovedCertificates(setup, "")
 }
 
 func queryAllApprovedCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.ApprovedCertificates, error) {
@@ -772,6 +772,29 @@ func queryRevokedNocIcaCertificates(setup *TestSetup, subject, subjectKeyID stri
 	return &resp.RevokedNocIcaCertificates, nil
 }
 
+func queryAllCertificatesBySubjectKeyID(setup *TestSetup, subjectKeyID string) ([]types.AllCertificates, error) {
+	// query all certificates
+	return _queryAllCertificates(setup, subjectKeyID)
+}
+
+func _queryAllCertificates(setup *TestSetup, subjectKeyID string) ([]types.AllCertificates, error) {
+	// query all certificates
+	req := &types.QueryAllCertificatesRequest{
+		SubjectKeyId: subjectKeyID,
+	}
+
+	resp, err := setup.Keeper.CertificatesAll(setup.Wctx, req)
+	if err != nil {
+		require.Nil(setup.T, resp)
+
+		return nil, err
+	}
+
+	require.NotNil(setup.T, resp)
+
+	return resp.Certificates, nil
+}
+
 func queryCertificatesFromAllCertificatesIndex(
 	setup *TestSetup,
 	subject string,
@@ -897,11 +920,16 @@ func ensureCertificatePresentInGlobalCertificateIndexes(
 	require.Equal(t, subjectKeyID, allCertificate.SubjectKeyId)
 	require.Equal(t, serialNumber, allCertificate.SerialNumber)
 
+	// AllCertificate: SKID
+	certificateBySubjectKeyID, _ := queryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
+	require.Len(t, certificateBySubjectKeyID, 1)
+	require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
+
 	if !skipCheckForSubject {
 		// AllCertificate: Subject
 		allCertificatesBySubject, err := queryCertificatesBySubjectFromAllCertificatesIndex(setup, subject)
 		require.NoError(t, err)
-		require.Len(t, 1, len(allCertificatesBySubject.SubjectKeyIds))
+		require.Len(t, allCertificatesBySubject.SubjectKeyIds, 1)
 		require.Equal(t, subjectKeyID, allCertificatesBySubject.SubjectKeyIds[0])
 	}
 }
@@ -921,6 +949,10 @@ func ensureCertificateNotPresentInGlobalCertificateIndexes(
 	_, err := querySingleCertificateFromAllCertificatesIndex(setup, subject, subjectKeyID)
 	require.Equal(t, codes.NotFound, status.Code(err))
 
+	// DaCertificates: SubjectKeyID
+	certificatesBySubjectKeyID, _ := queryAllCertificatesBySubjectKeyID(setup, subjectKeyID)
+	require.Empty(t, certificatesBySubjectKeyID)
+
 	if !skipCheckForSubject {
 		// AllCertificate: Subject
 		_, err = queryCertificatesBySubjectFromAllCertificatesIndex(setup, subject)
@@ -948,14 +980,14 @@ func ensureCertificatePresentInDaCertificateIndexes(
 
 	// DaCertificates: SKID
 	certificateBySubjectKeyID, _ := queryAllApprovedCertificatesBySubjectKeyID(setup, subjectKeyID)
-	require.Len(t, 1, len(certificateBySubjectKeyID))
-	require.Len(t, 1, len(certificateBySubjectKeyID[0].Certs))
+	require.Len(t, certificateBySubjectKeyID, 1)
+	require.Len(t, certificateBySubjectKeyID[0].Certs, 1)
 
 	if !skipCheckForSubject {
 		// DACertificates: Subject
 		certificatesBySubject, err := queryApprovedCertificatesBySubject(setup, subject)
 		require.NoError(t, err)
-		require.Len(t, 1, len(certificatesBySubject.SubjectKeyIds))
+		require.Len(t, certificatesBySubject.SubjectKeyIds, 1)
 		require.Equal(t, subjectKeyID, certificatesBySubject.SubjectKeyIds[0])
 	}
 }
@@ -985,14 +1017,14 @@ func ensureCertificatePresentInNocCertificateIndexes(
 	// NocCertificates: SubjectKeyID
 	nocCertificatesBySubjectKeyID, err := queryAllNocCertificatesBySubjectKeyID(setup, subjectKeyID)
 	require.NoError(t, err)
-	require.Len(t, 1, len(nocCertificatesBySubjectKeyID))
-	require.Len(t, 1, len(nocCertificatesBySubjectKeyID[0].Certs))
+	require.Len(t, nocCertificatesBySubjectKeyID, 1)
+	require.Len(t, nocCertificatesBySubjectKeyID[0].Certs, 1)
 	require.Equal(t, serialNumber, nocCertificatesBySubjectKeyID[0].Certs[0].SerialNumber)
 
 	// NocCertificates: Subject
 	nocCertificatesBySubject, err := queryNocCertificatesBySubject(setup, subject)
 	require.NoError(t, err)
-	require.Len(t, 1, len(nocCertificatesBySubject.SubjectKeyIds))
+	require.Len(t, nocCertificatesBySubject.SubjectKeyIds, 1)
 	require.Equal(t, subjectKeyID, nocCertificatesBySubject.SubjectKeyIds[0])
 
 	// NocCertificates: VID and SKID