Merge pull request #504 from zigbee-alliance/497_improve_test_and_cle…

…anup

Fix the issue with PID parsing and improve tests

- #497: Improve tests for PKI RevocationDistributionPoints

integration_tests/cli/pki-assign-vid.sh

@@ -27,4 +27,4 @@ echo "Assing VID"
 result=$(dcld tx pki assign-vid --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --vid="$root_cert_vid" --from $vendor_admin_account --yes)
 check_response "$result" "vid is not empty"
 
-test_divider
+test_divider

integration_tests/cli/pki-revocation-points.sh

@@ -13,8 +13,18 @@ paa_cert_with_numeric_vid1_path="integration_tests/constants/paa_cert_numeric_vi
 paa_cert_with_numeric_vid1_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjI="
 paa_cert_with_numeric_vid1_subject_key_id="7F:1D:AA:F2:44:98:B9:86:68:0E:A0:8F:C1:89:21:E8:48:48:9D:17"
 
+pai_cert_vid_path="integration_tests/constants/pai_cert_vid"
+pai_cert_with_numeric_vid_path="integration_tests/constants/pai_cert_numeric_vid"
 pai_cert_with_numeric_vid_pid_path="integration_tests/constants/pai_cert_numeric_vid_pid"
 
+root_cert_path="integration_tests/constants/root_cert"
+root_cert_subject="MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
+root_cert_subject_key_id="5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
+
+test_root_cert_path="integration_tests/constants/test_root_cert"
+test_root_cert_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBDEyNUQ="
+test_root_cert_subject_key_id="E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4"
+
 trustee_account="jack"
 second_trustee_account="alice"
 third_trustee_account="bob"
@@ -24,11 +34,12 @@ second_trustee_account_address=$(echo $passphrase | dcld keys show alice -a)
 third_trustee_account_address=$(echo $passphrase | dcld keys show bob -a)
 
 label="label"
+label_pai="label_pai"
 vid=65521
 vid_65522=65522
-vid_non_vid_scoped=1004
+vid_non_vid_scoped=4701
 label_non_vid_scoped="label2"
-pid=8
+pid=32768
 data_url="https://url.data.dclmodel"
 data_url_non_vid_scoped="https://url.data.dclmodel2"
 issuer_subject_key_id="5A880E6C3653D07FB08971A3F473790930E62BDB"
@@ -114,6 +125,20 @@ check_response "$result" "\"code\": 0"
 result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$paa_cert_no_vid_subject" --subject-key-id="$paa_cert_no_vid_subject_key_id" --from $second_trustee_account --yes)
 check_response "$result" "\"code\": 0"
 
+echo "Trustees add root cert"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_path" --vid $vid --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_subject" --subject-key-id="$root_cert_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Trustees add test root cert"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$test_root_cert_path" --vid $vid_non_vid_scoped --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
+test_divider
+
 echo "7. ADD REVOCATION POINT FOR PAA WHEN CRL SIGNER CERTIFICATE PEM VALUE IS NOT EQUAL TO STORED CERTIFICATE PEM VALUE"
 
 result=$(dcld tx pki add-revocation-point --vid=$vid_65522 --is-paa="true" --certificate="$paa_cert_with_numeric_vid1_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --revocation-type=1 --from=$vendor_account_65522 --yes)
@@ -162,6 +187,8 @@ result=$(dcld tx pki add-revocation-point --vid=$vid --is-paa="true" --certifica
 response_does_not_contain "$result" "\"code\": 0"
 echo $result
 
+test_divider
+
 echo "10. ADD REVOCATION POINT FOR NON-VID-SCOPED PAA"
 
 result=$(dcld tx pki add-revocation-point --vid=$vid_non_vid_scoped --is-paa="true" --certificate="$paa_cert_no_vid_path" --label="$label_non_vid_scoped" --data-url="$data_url_non_vid_scoped" --issuer-subject-key-id=$issuer_subject_key_id --revocation-type=1 --from=$vendor_account_non_vid_scoped --yes)
@@ -189,16 +216,51 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
 response_does_not_contain "$result" "\"label\": \"$label\""
 response_does_not_contain  "$result" "\"vid\": $vid"
 
+test_divider
+
 echo "11. ADD REVOCATION POINT FOR PAI"
 
-# TBD
+result=$(dcld tx pki add-revocation-point --vid=$vid_65522 --is-paa="false" --certificate="$pai_cert_with_numeric_vid_path" --label="$label_pai" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --revocation-type=1 --from=$vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki all-revocation-points)
+check_response "$result" "\"vid\": $vid"
+check_response "$result" "\"label\": \"$label\""
+check_response "$result" "\"vid\": $vid_non_vid_scoped"
+check_response "$result" "\"label\": \"$label_non_vid_scoped\""
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_pai\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+
+result=$(dcld query pki revocation-points --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "\"vid\": $vid"
+check_response "$result" "\"label\": \"$label\""
+check_response "$result" "\"vid\": $vid_non_vid_scoped"
+check_response "$result" "\"label\": \"$label_non_vid_scoped\""
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_pai\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+
+result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_pai --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_pai\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+response_does_not_contain "$result" "\"vid\": $vid"
+response_does_not_contain "$result" "\"label\": \"$label\""
+response_does_not_contain "$result" "\"vid\": \"$label_non_vid_scoped\""
+response_does_not_contain "$result" "\"label\": \"$vid_non_vid_scoped\""
+
+test_divider
 
 echo "12. UPDATE REVOCATION POINT WHEN POINT NOT FOUND"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
 response_does_not_contain "$result" "\"code\": 0"
 echo $result
 
+test_divider
+
 echo "13. UPDATE REVOCATION POINT FOR PAA WHEN NEW CERT IS NOT PAA"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
@@ -233,24 +295,64 @@ test_divider
 
 echo "17. UPDATE REVOCATION POINT FOR VID-SCOPED PAA"
 
-# TBD
+result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$root_cert_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid --label=$label --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "\"CrlSignerCertificate\": $(<$root_cert_path)"
+check_response "$result" "\"vid\": $vid"
+check_response "$result" "\"label\": \"$label\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+
+test_divider
 
 echo "18. UPDATE REVOCATION POINT FOR NON-VID SCOPED PAA"
 
-# TBD
+result=$(dcld tx pki update-revocation-point --vid=$vid_non_vid_scoped --certificate="$test_root_cert_path" --label="$label_non_vid_scoped" --data-url="$data_url_non_vid_scoped" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_non_vid_scoped --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid_non_vid_scoped --label=$label_non_vid_scoped --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "\"CrlSignerCertificate\": $(<$test_root_cert_path)"
+check_response "$result" "\"vid\": $vid_non_vid_scoped"
+check_response "$result" "\"label\": \"$label_non_vid_scoped\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+
+test_divider
 
 echo "19. UPDATE REVOCATION POINT FOR PAI"
 
-# TBD
+result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_vid_path" --label="$label_pai" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_pai --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "\"CrlSignerCertificate\": $(<$pai_cert_vid_path)"
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_pai\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
+
+test_divider
 
 echo "20. DELETE REVOCATION PAA"
 
 result=$(dcld tx pki delete-revocation-point --vid=$vid --label="$label" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
 check_response "$result" "\"code\": 0"
 echo $result
 
+result=$(dcld query pki revocation-point --vid=$vid --label=$label --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "Not Found"
+
+test_divider
+
 echo "21. DELETE REVOCATION PAI"
 
-# TBD
+result=$(dcld tx pki delete-revocation-point --vid=$vid_65522 --label="$label_pai" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_pai --issuer-subject-key-id=$issuer_subject_key_id)
+check_response "$result" "Not Found"
 
 test_divider

integration_tests/constants/constants.go

@@ -309,6 +309,8 @@ CU3r1RXsbs8zuBEVIl8yUogwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGh
 cX4wCgYIKoZIzj0EAwIDSAAwRQIhAJbJyM8uAYhgBdj1vHLAe3X9mldpWsSRETET
 i+oDPOUDAiAlVJQ75X1T1sR199I+v8/CA2zSm6Y5PsfvrYcUq3GCGQ==
 -----END CERTIFICATE-----`
+	PAICertWithNumericPidVidVid = 65521
+	PAICertWithNumericPidVidPid = 32768
 
 	PAICertWithPidVid = `
 -----BEGIN CERTIFICATE-----
@@ -322,6 +324,8 @@ bs2MFL6AtBCu5AKj8jMX5zQGdDAfBgNVHSMEGDAWgBR4XOcFuGuPTm/Hk6pgy0Pq
 aWiC1TAKBggqhkjOPQQDAgNIADBFAiEA7+WO/UkVZ4DGULOTLIItVhG7rC+mnqJI
 fAuwib9kCRACIFaMCdDo/n+E+hOBXDXVemlbz0znMaLn/KcquoxDIfb7
 -----END CERTIFICATE-----`
+	PAICertWithPidVidVid = 65522
+	PAICertWithPidVidPid = 32772
 
 	PAICertWithNumericVid = `
 -----BEGIN CERTIFICATE-----
@@ -347,6 +351,7 @@ Mz+1E3PXCBdWMB8GA1UdIwQYMBaAFHhc5wW4a49Ob8eTqmDLQ+ppaILVMAoGCCqG
 SM49BAMCA0cAMEQCIHZQ4Yv8BJhq6w3Gjhu8AZlvRLSwNLDYDI2UpothBjIDAiB4
 /ryct/QEzO8ZXM8eywlUQ4vlpZ10iumuMTkNmxJb/g==
 -----END CERTIFICATE-----`
+	PAICertWithVidVid = 65522
 
 	RootIssuer        = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
 	RootSubject       = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"

integration_tests/constants/pai_cert_numeric_vid

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqDCCAU6gAwIBAgIIPXS7VllxEBwwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFBMCAXDTIxMDYyODE0MjM0M1oYDzk5OTkxMjMxMjM1OTU5
+WjAwMRgwFgYDVQQDDA9NYXR0ZXIgVGVzdCBQQUkxFDASBgorBgEEAYKifAIBDARG
+RkYyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2L+TR5LPjq7awk/8lmyRdiD7
+ly+6uY7G1RMUoHrpjhoD+0GR0m4tEny5UnYhw26XOhhsVtDK2ZmwQcJwqbHLP6Nm
+MGQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FGE90Ic1XvCLrgHkxpqPxz2sjH39MB8GA1UdIwQYMBaAFHhc5wW4a49Ob8eTqmDL
+Q+ppaILVMAoGCCqGSM49BAMCA0gAMEUCIQDfwJ3oS/qVbWDW/vTirREL3iIqMogw
+pn4/F7keUYUaeAIgce2XGOSIsrjPlUQ1zj/zLqUFVhQ8TyycBaIK8z7Uytk=
+-----END CERTIFICATE-----