#535 Enable adding non-root NOC(ICA) certificates

Signed-off-by: Abdulbois <[email protected]>
Signed-off-by: Abdulbois <[email protected]>

integration_tests/constants/noc_constants.go

@@ -1,36 +1,38 @@
 package testconstants
 
 const (
-	NocRootCert1 = `
------BEGIN CERTIFICATE-----
-MIICATCCAaegAwIBAgIUJhMwtZzr6dGO6tqHmuDi4Bz/tNAwCgYIKoZIzj0EAwIw
-VTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAwwFTk9DLTEwIBcNMjQwMjE0
-MTQ0NzI1WhgPMzAyMzA2MTcxNDQ3MjVaMFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
-DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
-DjAMBgNVBAMMBU5PQy0xMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECsW1A5xK
-Tv4qbfUsUp74bQNlkJV6GZL59b+PgqLyq7P1PMtJK3L7NmisUvdsT1dYr1sMzDEK
-6ZuajkpkIfeV3qNTMFEwHQYDVR0OBBYEFETrTGJrJUjNorMch0FaCOcruYMmMB8G
-A1UdIwQYMBaAFETrTGJrJUjNorMch0FaCOcruYMmMA8GA1UdEwEB/wQFMAMBAf8w
-CgYIKoZIzj0EAwIDSAAwRQIgS4gxVvmQghH93BbG3RRpJ07Re5+gTFAo5qfVTtDo
-teUCIQCQwlaPb8U8S0ee3Iz1gg4LOTxZ/IWyCzPpCteAEKcl+w==
------END CERTIFICATE-----
-	`
-	NocRootCert2 = `
------BEGIN CERTIFICATE-----
-MIICATCCAaegAwIBAgIUfi/tSwkm8n1SVPVYvpmRj7WDKFAwCgYIKoZIzj0EAwIw
-VTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu
-dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAwwFTk9DLTIwIBcNMjQwMjE0
-MTQ0NzQ1WhgPMzAyMzA2MTcxNDQ3NDVaMFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
-DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
-DjAMBgNVBAMMBU5PQy0yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdyZTx3lJ
-ZYUEazRXrDUgtut3EF1iXFXibKttwgvqIQqo/8Z/5uh402+AjqlsYRW7J2XhAaNl
-jd+mU2GZc9whuaNTMFEwHQYDVR0OBBYEFM/m3TcrTLK5qfJ1MByqsTcbEX8bMB8G
-A1UdIwQYMBaAFM/m3TcrTLK5qfJ1MByqsTcbEX8bMA8GA1UdEwEB/wQFMAMBAf8w
-CgYIKoZIzj0EAwIDSAAwRQIhAPxnWiN91np0FqsJ3wzxbBhUvb0L7tCCG8b78ug5
-M4e6AiAzKpDZ//MaM3khHSuiJhXBWhN+HR/veWVfeLLKtMhoKg==
------END CERTIFICATE-----
-	`
+	NocRootCert1 = `-----BEGIN CERTIFICATE-----
+MIICRzCCAe2gAwIBAgIBATAKBggqhkjOPQQDAjCBgjELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20wIBcNMjQwMzAxMDYzMjU3WhgPMzAyMzA3MDMwNjMy
+NTdaMIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcM
+CE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl
+c3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABArFtQOcSk7+Km31LFKe+G0DZZCVehmS+fW/j4Ki
+8quz9TzLSSty+zZorFL3bE9XWK9bDMwxCumbmo5KZCH3ld6jUDBOMB0GA1UdDgQW
+BBRE60xiayVIzaKzHIdBWgjnK7mDJjAfBgNVHSMEGDAWgBRE60xiayVIzaKzHIdB
+WgjnK7mDJjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIFKb9E9iOW4w
+Ikqs7/C6KvFxkVxRuTM6NixyEqsy4UeFAiEAhGo2Ei68up0oFFswgbMAKWOrmdV3
+2YICtSsNTZ73dbY=
+-----END CERTIFICATE-----`
+
+	NocRootCert2 = `-----BEGIN CERTIFICATE-----
+MIICRzCCAe2gAwIBAgIBAjAKBggqhkjOPQQDAjCBgjELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20wIBcNMjQwMzAxMDYzOTI3WhgPMzAyMzA3MDMwNjM5
+MjdaMIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcM
+CE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl
+c3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABHcmU8d5SWWFBGs0V6w1ILbrdxBdYlxV4myrbcIL
+6iEKqP/Gf+boeNNvgI6pbGEVuydl4QGjZY3fplNhmXPcIbmjUDBOMB0GA1UdDgQW
+BBTP5t03K0yyuanydTAcqrE3GxF/GzAfBgNVHSMEGDAWgBTP5t03K0yyuanydTAc
+qrE3GxF/GzAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIA0VRYFLNitp
+0lffEXkPOwJ3RCJkxw4+TNiAZNhrs8QeAiEAh8124FgTDHwGCrQRFfYHVkCCayMK
+7C3/hnmN19Uan88=
+-----END CERTIFICATE-----`
+
 	NocRootCert3 = `
 -----BEGIN CERTIFICATE-----
 MIICAjCCAaegAwIBAgIUBrx8BUhP5Vi8W79pFDlqwkIw18MwCgYIKoZIzj0EAwIw
@@ -47,18 +49,58 @@ F5UqAiEAshHfXxUpdfxqiLoTjQjkNf0AHVYBFhLdB+iIFspwTyg=
 -----END CERTIFICATE-----
 	`
 
-	NocRootCert1Subject       = "MFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMMBU5PQy0x"
+	NocCert1 = `-----BEGIN CERTIFICATE-----
+MIICOTCCAd+gAwIBAgIBAzAKBggqhkjOPQQDAjCBgjELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20wIBcNMjQwMzAxMDY0NDE4WhgPMzAyMzA3MDMwNjQ0
+MThaMIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcM
+CE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl
+c3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABM49jq9u+/yejw1wh19r8xuQl6kWRRx85jKbSBqM
+vbKmHxr/CTRGliov4z4oniiNrvSgor+KAGYSK1EPhUHeZdCjQjBAMB0GA1UdDgQW
+BBQCcm68u+/WvY2bQq7UPMBVX2Y6szAfBgNVHSMEGDAWgBRE60xiayVIzaKzHIdB
+WgjnK7mDJjAKBggqhkjOPQQDAgNIADBFAiAE9y8XdiA4kxwtY2vDS4HVkdoj5wyS
+P3NimycxtXsj9AIhALjQsYWHp7+kr75SgNIKgav7Fr3fxEFvWca8oWMxM1PA
+-----END CERTIFICATE-----`
+
+	NocCert2 = `-----BEGIN CERTIFICATE-----
+MIICODCCAd+gAwIBAgIBBDAKBggqhkjOPQQDAjCBgjELMAkGA1UEBhMCVVMxETAP
+BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
+bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20wIBcNMjQwMzAxMDY0NTA4WhgPMzAyMzA3MDMwNjQ1
+MDhaMIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcM
+CE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRl
+c3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABPkfJY7a758L6ES/WRTObOP6WuhFM3pZk7K06vjf
+3A72cAAjHbQ+W8uzFtFmQsNnrXBcRIb26KZMLGdRMWWv2b2jQjBAMB0GA1UdDgQW
+BBSHSKIzEh9RXJPmkEBKLKue1hnlrTAfBgNVHSMEGDAWgBTP5t03K0yyuanydTAc
+qrE3GxF/GzAKBggqhkjOPQQDAgNHADBEAiA/fduC6XJ8RGH2FCk0V7YDjAQCC3Vg
+Cxv0F/nTvM9ZlAIgW5x5vOhKRXEb1ak8j7SsX8ZO9aBYyLqs91dmOnHM2XM=
+-----END CERTIFICATE-----`
+
+	NocRootCert1Subject       = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
 	NocRootCert1SubjectKeyID  = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26"
-	NocRootCert1SerialNumber  = "217369606639495620450806539821422258966012867792"
-	NocRootCert1SubjectAsText = "CN=NOC-1,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
+	NocRootCert1SerialNumber  = "1"
+	NocRootCert1SubjectAsText = "CN=www.example.com,OU=Testing Division,O=Example Company,L=New York,ST=New York,C=US"
 
-	NocRootCert2Subject       = "MFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMMBU5PQy0y"
+	NocRootCert2Subject       = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
 	NocRootCert2SubjectKeyID  = "CF:E6:DD:37:2B:4C:B2:B9:A9:F2:75:30:1C:AA:B1:37:1B:11:7F:1B"
-	NocRootCert2SerialNumber  = "720401643293243343104681760462974770802745092176"
-	NocRootCert2SubjectAsText = "CN=NOC-2,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
+	NocRootCert2SerialNumber  = "2"
+	NocRootCert2SubjectAsText = "CN=www.example.com,OU=Testing Division,O=Example Company,L=New York,ST=New York,C=US"
 
 	NocRootCert3Subject       = "MFUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDjAMBgNVBAMMBU5PQy0z"
 	NocRootCert3SubjectKeyID  = "88:0D:06:D9:64:22:29:34:78:7F:8C:3B:AE:F5:08:93:86:8F:0D:20"
 	NocRootCert3SerialNumber  = "38457288443253426021793906708335409501754677187"
 	NocRootCert3SubjectAsText = "CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
+
+	NocCert1Subject       = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
+	NocCert1SubjectKeyID  = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
+	NocCert1SerialNumber  = "3"
+	NocCert1SubjectAsText = "CN=www.example.com,OU=Testing Division,O=Example Company,L=New York,ST=New York,C=US"
+
+	NocCert2Subject       = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
+	NocCert2SubjectKeyID  = "87:48:A2:33:12:1F:51:5C:93:E6:90:40:4A:2C:AB:9E:D6:19:E5:AD"
+	NocCert2SerialNumber  = "4"
+	NocCert2SubjectAsText = "CN=www.example.com,OU=Testing Division,O=Example Company,L=New York,ST=New York,C=US"
 )

proto/pki/genesis.proto

@@ -15,6 +15,7 @@ import "pki/pki_revocation_distribution_point.proto";
 import "pki/pki_revocation_distribution_points_by_issuer_subject_key_id.proto";
 import "pki/approved_certificates_by_subject_key_id.proto";
 import "pki/noc_root_certificates.proto";
+import "pki/noc_certificates.proto";
 // this line is used by starport scaffolding # genesis/proto/import
 import "gogoproto/gogo.proto";
 
@@ -36,5 +37,6 @@ message GenesisState {
   repeated PkiRevocationDistributionPointsByIssuerSubjectKeyID PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = 12 [(gogoproto.nullable) = false];
   repeated ApprovedCertificatesBySubjectKeyId approvedCertificatesBySubjectKeyIdList = 13 [(gogoproto.nullable) = false];
   repeated NocRootCertificates nocRootCertificatesList = 14 [(gogoproto.nullable) = false];
+  repeated NocCertificates nocCertificatesList = 15 [(gogoproto.nullable) = false];
   // this line is used by starport scaffolding # genesis/proto/state
 }

proto/pki/noc_certificates.proto

@@ -0,0 +1,12 @@
+syntax = "proto3";
+package zigbeealliance.distributedcomplianceledger.pki;
+
+option go_package = "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types";
+
+import "gogoproto/gogo.proto";
+import "pki/certificate.proto";
+
+message NocCertificates {
+  int32 vid = 1 [(gogoproto.moretags) = "validate:\"gte=1,lte=65535\""]; 
+  repeated Certificate certs = 2;
+}

proto/pki/query.proto

@@ -15,6 +15,7 @@ import "pki/rejected_certificate.proto";
 import "pki/pki_revocation_distribution_point.proto";
 import "pki/pki_revocation_distribution_points_by_issuer_subject_key_id.proto";
 import "pki/noc_root_certificates.proto";
+import "pki/noc_certificates.proto";
 // this line is used by starport scaffolding # 1
 import "gogoproto/gogo.proto";
 
@@ -120,6 +121,16 @@ service Query {
 		option (google.api.http).get = "/dcl/pki/noc-root-certificates";
 	}
 
+// Queries a NocCertificates by index.
+	rpc NocCertificates(QueryGetNocCertificatesRequest) returns (QueryGetNocCertificatesResponse) {
+		option (google.api.http).get = "/dcl/pki/noc-certificates/{vid}";
+	}
+
+	// Queries a list of NocCertificates items.
+	rpc NocCertificatesAll(QueryAllNocCertificatesRequest) returns (QueryAllNocCertificatesResponse) {
+		option (google.api.http).get = "/dcl/pki/noc-certificates";
+	}
+
 // this line is used by starport scaffolding # 2
 }
 
@@ -278,7 +289,7 @@ message QueryGetPkiRevocationDistributionPointsByIssuerSubjectKeyIDResponse {
 }
 
 message QueryGetNocRootCertificatesRequest {
-	  uint64 vid = 1;
+	  int32 vid = 1;
 
 }
 
@@ -295,4 +306,21 @@ message QueryAllNocRootCertificatesResponse {
 	cosmos.base.query.v1beta1.PageResponse pagination = 2;
 }
 
+message QueryGetNocCertificatesRequest {
+	  int32 vid = 1;
+}
+
+message QueryGetNocCertificatesResponse {
+	NocCertificates nocCertificates = 1 [(gogoproto.nullable) = false];
+}
+
+message QueryAllNocCertificatesRequest {
+	cosmos.base.query.v1beta1.PageRequest pagination = 1;
+}
+
+message QueryAllNocCertificatesResponse {
+	repeated NocCertificates nocCertificates = 1 [(gogoproto.nullable) = false];
+	cosmos.base.query.v1beta1.PageResponse pagination = 2;
+}
+
 // this line is used by starport scaffolding # 3

proto/pki/tx.proto

@@ -23,6 +23,7 @@ service Msg {
   rpc AssignVid(MsgAssignVid) returns (MsgAssignVidResponse);
   rpc AddNocX509RootCert(MsgAddNocX509RootCert) returns (MsgAddNocX509RootCertResponse);
   rpc RemoveX509Cert(MsgRemoveX509Cert) returns (MsgRemoveX509CertResponse);
+  rpc AddNocX509Cert(MsgAddNocX509Cert) returns (MsgAddNocX509CertResponse);
 // this line is used by starport scaffolding # proto/tx/rpc
 }
 
@@ -178,4 +179,12 @@ message MsgRemoveX509Cert {
 message MsgRemoveX509CertResponse {
 }
 
+message MsgAddNocX509Cert {
+  string signer = 1 [(cosmos_proto.scalar) = "cosmos.AddressString", (gogoproto.moretags) = "validate:\"required\""];
+  string cert = 2 [(gogoproto.moretags) = "validate:\"required,max=10485760\""];
+}
+
+message MsgAddNocX509CertResponse {
+}
+
 // this line is used by starport scaffolding # proto/tx/message

scripts/starport/upgrade-0.44/07.pki_types.sh

@@ -18,6 +18,7 @@ starport scaffold --module pki message add-pki-revocation-distribution-point vid
 starport scaffold --module pki message update-pki-revocation-distribution-point vid:uint label crlSignerCertificate issuerSubjectKeyID dataURL dataFileSize:uint dataDigest dataDigestType:uint --signer signer
 starport scaffold --module pki message delete-pki-revocation-distribution-point vid:uint label issuerSubjectKeyID --signer signer
 starport scaffold --module pki message AddNocX509RootCert  cert --signer signer
+starport scaffold --module pki message AddNocX509Cert  cert --signer signer
 
 # CRUD data types
 starport scaffold --module pki map ApprovedCertificates certs:strings --index subject,subjectKeyId --no-message
@@ -35,6 +36,7 @@ starport scaffold --module pki map ApprovedCertificatesBySubjectKeyId certs:stri
 starport scaffold --module pki map RejectedCertificate pemCert serialNumber owner approvals:strings --index subject,subjectKeyId --no-message
 #starport scaffold --module pki map AllProposedCertificates --index subject,subjectKeyId --no-message
 starport scaffold --module pki map NocRootCertificates certs:strings --index vid:uint --no-message
+starport scaffold --module pki map NocCertificates certs:strings --index vid:uint --no-message
 
 # Allow colons (:) in subject ID part in REST URLs
 # TODO: need to copy the generated query.pb.gw.go into the correct folder

types/pki/errors.go

@@ -194,6 +194,12 @@ func NewErrProvidedNocCertButExistingNotNoc(subject string, subjectKeyID string)
 		subject, subjectKeyID)
 }
 
+func NewErrRootOfNocCertIsNotNoc(subject string, subjectKeyID string) error {
+	return sdkerrors.Wrapf(ErrInappropriateCertificateType,
+		"Root of the provided certificate with subject (%v) and subjectKeyID (%v) is not a NOC certificate",
+		subject, subjectKeyID)
+}
+
 func NewErrProvidedNotNocCertButExistingNoc(subject string, subjectKeyID string) error {
 	return sdkerrors.Wrapf(ErrInappropriateCertificateType,
 		"The existing certificate with the same combination of subject (%v) and subjectKeyID (%v) is a NOC certificate",