Skip to content

Commit

Permalink
Merge pull request #617 from zigbee-alliance/certificates-by-skid
Browse files Browse the repository at this point in the history 
Added index for all certificates by subject key id
  • Loading branch information
@ashcherbakov
ashcherbakov authored Nov 19, 2024
2 parents d2a1af3 + 8eac7f5 commit c76de5c
Show file tree
Hide file tree
Showing 56 changed files with 1,956 additions and 840 deletions.
4 changes: 4 additions & 0 deletions docs/static/openapi.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9435,6 +9435,10 @@ paths:
in: query
required: false
type: boolean
- name: subjectKeyId
in: query
required: false
type: string
tags:
- Query
/dcl/pki/all-certificates/{subject}:
Expand Down
3 changes: 2 additions & 1 deletion docs/transactions.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,8 @@ Please make sure that TLS is enabled in gRPC, REST or Light Client Proxy for sec
| **GLOBAL - Work for all certificate types (DA, NOC)** | |
| [GET_CERT](transactions/pki.md#get_cert) <br><br> Gets a certificate (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki cert --subject=<base64 string> --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/all-certificates/{subject}/{subject_key_id}` |
| [GET_ALL_CERTS](transactions/pki.md#get_all_certs) <br><br> Gets all certificates (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-certs` <br><br> GET `/dcl/pki/all-certificates` |
| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br> | CLI `dcld query pki all-subject-certs --subject=<base64 string>` <br><br> GET `/dcl/pki/all-certificates/{subject}` |
| [GET_ALL_CERTS_BY_SUBJECT](transactions/pki.md#get_all_certs_by_subject) <br><br> Gets all certificates associated with a subject (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-subject-certs --subject=<base64 string>` <br><br> GET `/dcl/pki/all-certificates/{subject}` |
| [GET_ALL_CERTS_BY_SKID](transactions/pki.md#get_all_certs_by_skid) <br><br> Gets all certificates by the given subject key ID (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki cert --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}` |
| [GET_CHILD_CERTS](transactions/pki.md#get_child_certs) <br><br> Gets all child certificates for the given certificate (PAA, PAI, RCAC, ICAC) | CLI `dcld query pki all-child-x509-certs --subject=<base64 string> --subject-key-id=<hex string>` <br><br> GET `/dcl/pki/child-certificates/{subject}/{subject_key_id}` |
| **DA - Work for DA certificate types (PAA, PAI)** | |
| [PROPOSE_ADD_PAA](transactions/pki.md#propose_add_paa) <br><br> Proposes a new PAA (self-signed root certificate) | CLI `dcld tx pki propose-add-x509-root-cert --certificate=<string-or-path>` <br><br> POST `/cosmos/tx/v1beta1/txs`([MsgProposeAddX509RootCert](https://github.com/zigbee-alliance/distributed-compliance-ledger/blob/master/proto/zigbeealliance/distributedcomplianceledger/pki/tx.proto#L34)) |
Expand Down
18 changes: 18 additions & 0 deletions docs/transactions/pki.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,24 @@ Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a lis
- REST API:
- GET `/dcl/pki/all-certificates/{subject}`

#### GET_ALL_CERTS_BY_SKID

**Status: Implemented**

Gets all certificates by the given subject key ID attribute. This query works for all types certificates (PAA, PAI, RCAC, ICAC).

Revoked certificates are not returned.
Use [GET_ALL_REVOKED_DA_CERTS](#get_all_revoked_da_certs) to get a list of all revoked DA certificates.
Use [GET_ALL_REVOKED_NOC_ROOT_CERTS](#get_all_revoked_noc_root-rcacs) to get a list of all revoked Noc Root certificates.
Use [GET_ALL_REVOKED_NOC_ICA_CERTS](#get_all_revoked_noc_ica-icacs) to get a list of all revoked Noc ICA certificates.

- Parameters:
- subject_key_id: `string` - certificates's `Subject Key Id` in hex string format, e.g: `5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB`
- CLI command:
- `dcld query pki cert --subject-key-id=<hex string>`
- REST API:
- GET `/dcl/pki/all-certificates?subjectKeyId={subjectKeyId}`

#### GET_CHILD_CERTS

**Status: Implemented**
Expand Down
35 changes: 35 additions & 0 deletions integration_tests/cli/pki-combine-certs.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,41 @@ response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id

test_divider

echo "Request certificates by subject key id"
echo "Request DA certificate using global command"
result=$(dcld query pki cert --subject-key-id="$da_root_subject_key_id")
echo $result | jq
check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""

echo "Request NOC certificate using global command"
result=$(dcld query pki cert --subject-key-id="$noc_root_subject_key_id")
echo $result | jq
check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""

echo "Request DA certificate"
result=$(dcld query pki x509-cert --subject-key-id="$da_root_subject_key_id")
echo $result | jq
check_response "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""

echo "Request NOC certificate using DA command (must be empty)"
result=$(dcld query pki x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
echo $result | jq
check_response "$result" "Not Found"
response_does_not_contain "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""

echo "Request NOC Root certificate"
result=$(dcld query pki noc-x509-cert --subject="$noc_root_subject" --subject-key-id="$noc_root_subject_key_id")
echo $result | jq
check_response "$result" "\"subjectKeyId\": \"$noc_root_subject_key_id\""

echo "Request DA certificate using NOC command (must be empty)"
result=$(dcld query pki noc-x509-cert --subject="$da_root_subject" --subject-key-id="$da_root_subject_key_id")
echo $result | jq
check_response "$result" "Not Found"
response_does_not_contain "$result" "\"subjectKeyId\": \"$da_root_subject_key_id\""

test_divider

echo "Request DA certificates by subject using global command"
result=$(dcld query pki all-subject-certs --subject=$da_root_subject)
echo $result | jq
Expand Down
Loading

0 comments on commit c76de5c

Please sign in to comment.