Merge pull request #616 from zigbee-alliance/refactoring

Refactored PKI Keeper to reduce code duplication
zigbee-alliance · Nov 22, 2024 · 01fdfc3 · 01fdfc3
2 parents c76de5c + f06d87f
commit 01fdfc3
Show file tree

Hide file tree

Showing 44 changed files with 1,999 additions and 1,032 deletions.
diff --git a/integration_tests/constants/noc_constants.go b/integration_tests/constants/noc_constants.go
@@ -129,6 +129,7 @@ BAMCA0kAMEYCIQDzsjB569j1SsltNIP8CMTD4kRsTulqSp+O7JbQdWyzPAIhAODV
 zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 -----END CERTIFICATE-----`
 
+	NocRootCert1Issuer        = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ=="
 	NocRootCert1Subject       = "MHoxCzAJBgNVBAYTAlVaMRMwEQYDVQQIDApTb21lIFN0YXRlMREwDwYDVQQHDAhUYXNoa2VudDEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMQ4wDAYDVQQDDAVOT0MtMQ=="
 	NocRootCert1SubjectKeyID  = "44:EB:4C:62:6B:25:48:CD:A2:B3:1C:87:41:5A:08:E7:2B:B9:83:26"
 	NocRootCert1SerialNumber  = "47211865327720222621302679792296833381734533449"
@@ -149,11 +150,12 @@ zodhpBXZfzhHDvINejK8wzwWgf7Ds8wk3oENlmAj
 	NocRootCert3SerialNumber  = "38457288443253426021793906708335409501754677187"
 	NocRootCert3SubjectAsText = "CN=NOC-3,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU"
 
-	NocCert1Subject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
-	NocCert1Issuer        = NocRootCert1Subject
-	NocCert1SubjectKeyID  = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
-	NocCert1SerialNumber  = "631388393741945881054190991612463928825155142122"
-	NocCert1SubjectAsText = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
+	NocCert1Subject        = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
+	NocCert1Issuer         = NocRootCert1Subject
+	NocCert1AuthorityKeyID = NocRootCert1SubjectKeyID
+	NocCert1SubjectKeyID   = "02:72:6E:BC:BB:EF:D6:BD:8D:9B:42:AE:D4:3C:C0:55:5F:66:3A:B3"
+	NocCert1SerialNumber   = "631388393741945881054190991612463928825155142122"
+	NocCert1SubjectAsText  = "CN=NOC-child-1,OU=Testing Division,O=Example Company,L=Some State,ST=Some State,C=UZ"
 
 	NocCert1CopySubject       = "MIGCMQswCQYDVQQGEwJVWjETMBEGA1UECAwKU29tZSBTdGF0ZTETMBEGA1UEBwwKU29tZSBTdGF0ZTEYMBYGA1UECgwPRXhhbXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRQwEgYDVQQDDAtOT0MtY2hpbGQtMQ=="
 	NocCert1CopyIssuer        = NocRootCert1Subject

diff --git a/...ypes/zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject_key_id.ts b/...ypes/zigbeealliance/distributedcomplianceledger/pki/all_certificates_by_subject_key_id.ts
@@ -0,0 +1,99 @@
+/* eslint-disable */
+import _m0 from "protobufjs/minimal";
+import { Certificate } from "./certificate";
+
+export const protobufPackage = "zigbeealliance.distributedcomplianceledger.pki";
+
+export interface AllCertificatesBySubjectKeyId {
+  subjectKeyId: string;
+  certs: Certificate[];
+  schemaVersion: number;
+}
+
+function createBaseAllCertificatesBySubjectKeyId(): AllCertificatesBySubjectKeyId {
+  return { subjectKeyId: "", certs: [], schemaVersion: 0 };
+}
+
+export const AllCertificatesBySubjectKeyId = {
+  encode(message: AllCertificatesBySubjectKeyId, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer {
+    if (message.subjectKeyId !== "") {
+      writer.uint32(10).string(message.subjectKeyId);
+    }
+    for (const v of message.certs) {
+      Certificate.encode(v!, writer.uint32(18).fork()).ldelim();
+    }
+    if (message.schemaVersion !== 0) {
+      writer.uint32(24).uint32(message.schemaVersion);
+    }
+    return writer;
+  },
+
+  decode(input: _m0.Reader | Uint8Array, length?: number): AllCertificatesBySubjectKeyId {
+    const reader = input instanceof _m0.Reader ? input : new _m0.Reader(input);
+    let end = length === undefined ? reader.len : reader.pos + length;
+    const message = createBaseAllCertificatesBySubjectKeyId();
+    while (reader.pos < end) {
+      const tag = reader.uint32();
+      switch (tag >>> 3) {
+        case 1:
+          message.subjectKeyId = reader.string();
+          break;
+        case 2:
+          message.certs.push(Certificate.decode(reader, reader.uint32()));
+          break;
+        case 3:
+          message.schemaVersion = reader.uint32();
+          break;
+        default:
+          reader.skipType(tag & 7);
+          break;
+      }
+    }
+    return message;
+  },
+
+  fromJSON(object: any): AllCertificatesBySubjectKeyId {
+    return {
+      subjectKeyId: isSet(object.subjectKeyId) ? String(object.subjectKeyId) : "",
+      certs: Array.isArray(object?.certs) ? object.certs.map((e: any) => Certificate.fromJSON(e)) : [],
+      schemaVersion: isSet(object.schemaVersion) ? Number(object.schemaVersion) : 0,
+    };
+  },
+
+  toJSON(message: AllCertificatesBySubjectKeyId): unknown {
+    const obj: any = {};
+    message.subjectKeyId !== undefined && (obj.subjectKeyId = message.subjectKeyId);
+    if (message.certs) {
+      obj.certs = message.certs.map((e) => e ? Certificate.toJSON(e) : undefined);
+    } else {
+      obj.certs = [];
+    }
+    message.schemaVersion !== undefined && (obj.schemaVersion = Math.round(message.schemaVersion));
+    return obj;
+  },
+
+  fromPartial<I extends Exact<DeepPartial<AllCertificatesBySubjectKeyId>, I>>(
+    object: I,
+  ): AllCertificatesBySubjectKeyId {
+    const message = createBaseAllCertificatesBySubjectKeyId();
+    message.subjectKeyId = object.subjectKeyId ?? "";
+    message.certs = object.certs?.map((e) => Certificate.fromPartial(e)) || [];
+    message.schemaVersion = object.schemaVersion ?? 0;
+    return message;
+  },
+};
+
+type Builtin = Date | Function | Uint8Array | string | number | boolean | undefined;
+
+export type DeepPartial<T> = T extends Builtin ? T
+  : T extends Array<infer U> ? Array<DeepPartial<U>> : T extends ReadonlyArray<infer U> ? ReadonlyArray<DeepPartial<U>>
+  : T extends {} ? { [K in keyof T]?: DeepPartial<T[K]> }
+  : Partial<T>;
+
+type KeysOfUnion<T> = T extends T ? keyof T : never;
+export type Exact<P, I extends P> = P extends Builtin ? P
+  : P & { [K in keyof P]: Exact<P[K], I[K]> } & { [K in Exclude<keyof I, KeysOfUnion<P>>]: never };
+
+function isSet(value: any): boolean {
+  return value !== null && value !== undefined;
+}
diff --git a/x/pki/keeper/approved_root_certificates.go b/x/pki/keeper/approved_root_certificates.go
@@ -35,9 +35,14 @@ func (k Keeper) RemoveApprovedRootCertificates(ctx sdk.Context) {
 }
 
 // Add root certificate to the list.
-func (k Keeper) AddApprovedRootCertificate(ctx sdk.Context, certID types.CertificateIdentifier) {
+func (k Keeper) AddApprovedRootCertificate(ctx sdk.Context, certificate types.Certificate) {
 	rootCertificates, _ := k.GetApprovedRootCertificates(ctx)
 
+	certID := types.CertificateIdentifier{
+		Subject:      certificate.Subject,
+		SubjectKeyId: certificate.SubjectKeyId,
+	}
+
 	// Check if the root cert is already there
 	for _, existingCertID := range rootCertificates.Certs {
 		if *existingCertID == certID {
@@ -51,7 +56,16 @@ func (k Keeper) AddApprovedRootCertificate(ctx sdk.Context, certID types.Certifi
 }
 
 // Remove root certificate from the list.
-func (k Keeper) RemoveApprovedRootCertificate(ctx sdk.Context, certID types.CertificateIdentifier) {
+func (k Keeper) RemoveApprovedRootCertificate(
+	ctx sdk.Context,
+	subject string,
+	subjectKeyID string,
+) {
+	certID := types.CertificateIdentifier{
+		Subject:      subject,
+		SubjectKeyId: subjectKeyID,
+	}
+
 	rootCertificates, _ := k.GetApprovedRootCertificates(ctx)
 
 	certIDIndex := -1