diff --git a/types/pki/errors.go b/types/pki/errors.go index 86ca8f115..9ca238801 100644 --- a/types/pki/errors.go +++ b/types/pki/errors.go @@ -4,6 +4,7 @@ package types import ( sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" ) // x/pki module sentinel errors. @@ -22,31 +23,41 @@ var ( ErrNotEmptyPid = sdkerrors.Register(ModuleName, 412, "pid is not empty") ErrNotEmptyVid = sdkerrors.Register(ModuleName, 413, "vid is not empty") ErrRootCertificateIsNotSelfSigned = sdkerrors.Register(ModuleName, 414, "Root certificate is not self-signed") - ErrCRLSignerCertificatePidNotEqualMsgPid = sdkerrors.Register(ModuleName, 415, "CRLSignerCertificate pid does not equal message pid") + ErrCRLSignerCertificatePidNotEqualRevocationPointPid = sdkerrors.Register(ModuleName, 415, "CRLSignerCertificate pid does not equal revocation point pid") ErrCRLSignerCertificateVidNotEqualRevocationPointVid = sdkerrors.Register(ModuleName, 416, "CRLSignerCertificate vid does not equal revocation point pid") - ErrCRLSignerCertificateVidNotEqualMsgVid = sdkerrors.Register(ModuleName, 417, "CRLSignerCertificate vid does not equal message vid") - ErrCRLSignerCertificateVidNotEqualAccountVid = sdkerrors.Register(ModuleName, 418, "CRLSignerCertificate vid does not equal account vid") - ErrNonRootCertificateSelfSigned = sdkerrors.Register(ModuleName, 419, "Intermediate or leaf certificate must not be self-signed") - ErrEmptyDataFileSize = sdkerrors.Register(ModuleName, 420, "empty data file size") - ErrEmptyDataDigest = sdkerrors.Register(ModuleName, 421, "empty data digest") - ErrEmptyDataDigestType = sdkerrors.Register(ModuleName, 422, "empty data digest type") - ErrNotEmptyDataDigestType = sdkerrors.Register(ModuleName, 423, "not empty data digest type") - ErrDataFieldPresented = sdkerrors.Register(ModuleName, 424, "one or more of DataDigest, DataDigestType, DataFileSize fields presented") - ErrWrongSubjectKeyIDFormat = sdkerrors.Register(ModuleName, 425, "wrong SubjectKeyID format") - ErrVidNotFound = sdkerrors.Register(ModuleName, 426, "vid not found") - ErrPidNotFound = sdkerrors.Register(ModuleName, 427, "pid not found") - ErrPemValuesNotEqual = sdkerrors.Register(ModuleName, 428, "pem values of certificates are not equal") - ErrPkiRevocationDistributionPointAlreadyExists = sdkerrors.Register(ModuleName, 429, "pki revocation distribution point already exists") - ErrPkiRevocationDistributionPointDoesNotExists = sdkerrors.Register(ModuleName, 430, "pki revocaition distribution point does not exist") - ErrUnsupportedOperation = sdkerrors.Register(ModuleName, 431, "unsupported operation") - ErrInvalidVidFormat = sdkerrors.Register(ModuleName, 432, "invalid vid format") - ErrInvalidPidFormat = sdkerrors.Register(ModuleName, 433, "invalid pid format") - ErrInvalidDataURLFormat = sdkerrors.Register(ModuleName, 434, "invalid data url format") - ErrCertificateVidNotEqualMsgVid = sdkerrors.Register(ModuleName, 435, "certificate's vid is not equal to the message vid") - ErrMessageVidNotEqualRootCertVid = sdkerrors.Register(ModuleName, 436, "Message vid is not equal to ledger's root certificate vid") - ErrCertNotChainedBack = sdkerrors.Register(ModuleName, 437, "Certificate is not chained back to a root certificate on DCL") + ErrCRLSignerCertificatePidNotEqualMsgPid = sdkerrors.Register(ModuleName, 417, "CRLSignerCertificate pid does not equal message pid") + ErrCRLSignerCertificateVidNotEqualMsgVid = sdkerrors.Register(ModuleName, 418, "CRLSignerCertificate vid does not equal message vid") + ErrMessageVidNotEqualAccountVid = sdkerrors.Register(ModuleName, 419, "Message vid does not equal the account vid") + ErrNonRootCertificateSelfSigned = sdkerrors.Register(ModuleName, 420, "Intermediate or leaf certificate must not be self-signed") + ErrEmptyDataFileSize = sdkerrors.Register(ModuleName, 421, "empty data file size") + ErrEmptyDataDigest = sdkerrors.Register(ModuleName, 422, "empty data digest") + ErrEmptyDataDigestType = sdkerrors.Register(ModuleName, 423, "empty data digest type") + ErrNotEmptyDataDigestType = sdkerrors.Register(ModuleName, 424, "not empty data digest type") + ErrDataFieldPresented = sdkerrors.Register(ModuleName, 425, "one or more of DataDigest, DataDigestType, DataFileSize fields presented") + ErrWrongSubjectKeyIDFormat = sdkerrors.Register(ModuleName, 426, "wrong SubjectKeyID format") + ErrVidNotFound = sdkerrors.Register(ModuleName, 427, "vid not found") + ErrPidNotFound = sdkerrors.Register(ModuleName, 428, "pid not found") + ErrPemValuesNotEqual = sdkerrors.Register(ModuleName, 429, "pem values of certificates are not equal") + ErrPkiRevocationDistributionPointAlreadyExists = sdkerrors.Register(ModuleName, 430, "pki revocation distribution point already exists") + ErrPkiRevocationDistributionPointDoesNotExists = sdkerrors.Register(ModuleName, 431, "pki revocaition distribution point does not exist") + ErrUnsupportedOperation = sdkerrors.Register(ModuleName, 432, "unsupported operation") + ErrInvalidVidFormat = sdkerrors.Register(ModuleName, 433, "invalid vid format") + ErrInvalidPidFormat = sdkerrors.Register(ModuleName, 434, "invalid pid format") + ErrInvalidDataURLFormat = sdkerrors.Register(ModuleName, 435, "invalid data url format") + ErrCertificateVidNotEqualMsgVid = sdkerrors.Register(ModuleName, 436, "certificate's vid is not equal to the message vid") + ErrMessageVidNotEqualRootCertVid = sdkerrors.Register(ModuleName, 437, "Message vid is not equal to ledger's root certificate vid") + ErrCertNotChainedBack = sdkerrors.Register(ModuleName, 438, "Certificate is not chained back to a root certificate on DCL") ) +func NewErrUnauthorizedRole(transactionName string, requiredRole types.AccountRole) error { + return sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, + "%s transaction should be signed by an account with the \"%s\" role", transactionName, requiredRole) +} + +func NewErrInvalidAddress(err error) error { + return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%v)", err) +} + func NewErrProposedCertificateAlreadyExists(subject string, subjectKeyID string) error { return sdkerrors.Wrapf(ErrProposedCertificateAlreadyExists, "Proposed X509 root certificate associated with the combination "+ @@ -76,6 +87,14 @@ func NewErrCertificateDoesNotExist(subject string, subjectKeyID string) error { subject, subjectKeyID) } +func NewErrRootCertificateDoesNotExist(subject string, subjectKeyID string) error { + return sdkerrors.Wrapf(ErrCertificateDoesNotExist, + "No X509 root certificate associated with the "+ + "combination of subject=%s and subjectKeyID=%s on the ledger", + subject, subjectKeyID, + ) +} + func NewErrProposedCertificateRevocationAlreadyExists(subject string, subjectKeyID string) error { return sdkerrors.Wrapf(ErrProposedCertificateRevocationAlreadyExists, "Proposed X509 root certificate revocation associated with the combination "+ @@ -107,19 +126,24 @@ func NewErrInvalidCertificate(e interface{}) error { e) } -func NewErrInvalidDataDigestType(e interface{}) error { - return sdkerrors.Wrapf(ErrInvalidDataDigestType, "%v", - e) +func NewErrInvalidDataDigestType(dataDigestType uint32, allowedDataDigestTypes []uint32) error { + return sdkerrors.Wrapf(ErrInvalidDataDigestType, + "Invalid DataDigestType: %d. Supported types are: %v", dataDigestType, allowedDataDigestTypes) } -func NewErrInvalidRevocationType(e interface{}) error { - return sdkerrors.Wrapf(ErrInvalidRevocationType, "%v", - e) +func NewErrInvalidRevocationType(revocationType uint32, allowedRevocationTypes []uint32) error { + return sdkerrors.Wrapf(ErrInvalidRevocationType, + "Invalid RevocationType: %d. Supported types are: %v", revocationType, allowedRevocationTypes) } -func NewErrNotEmptyPid(e interface{}) error { - return sdkerrors.Wrapf(ErrNotEmptyPid, "%v", - e) +func NewErrNotEmptyPidForRootCertificate() error { + return sdkerrors.Wrapf(ErrNotEmptyPid, + "Product ID (pid) must be empty for root certificates") +} + +func NewErrNotEmptyPidForNonRootCertificate() error { + return sdkerrors.Wrapf(ErrNotEmptyPid, + "Product ID (pid) must be empty when it is not found in non-root CRL Signer Certificate") } func NewErrNotEmptyVid(e interface{}) error { @@ -127,19 +151,34 @@ func NewErrNotEmptyVid(e interface{}) error { e) } -func NewErrRootCertificateIsNotSelfSigned(e interface{}) error { - return sdkerrors.Wrapf(ErrRootCertificateIsNotSelfSigned, "%v", - e) +func NewErrRootCertificateIsNotSelfSigned() error { + return sdkerrors.Wrapf( + ErrRootCertificateIsNotSelfSigned, + "Provided root certificate must be self-signed", + ) } -func NewErrCRLSignerCertificatePidNotEqualMsgPid(e interface{}) error { - return sdkerrors.Wrapf(ErrCRLSignerCertificatePidNotEqualMsgPid, "%v", - e) +func NewErrNonRootCertificateSelfSigned() error { + return sdkerrors.Wrapf( + ErrNonRootCertificateSelfSigned, + "Provided non-root certificate must not be self-signed", + ) } -func NewErrCRLSignerCertificateVidNotEqualMsgVid(e interface{}) error { - return sdkerrors.Wrapf(ErrCRLSignerCertificateVidNotEqualMsgVid, "%v", - e) +func NewErrCRLSignerCertificatePidNotEqualMsgPid(certificatePid int32, messagePid int32) error { + return sdkerrors.Wrapf( + ErrCRLSignerCertificatePidNotEqualMsgPid, + "CRL Signer Certificate's pid=%d must be equal to the provided pid=%d in the message", + certificatePid, messagePid, + ) +} + +func NewErrCRLSignerCertificateVidNotEqualMsgVid(certificateVid int32, messageVid int32) error { + return sdkerrors.Wrapf( + ErrCRLSignerCertificateVidNotEqualMsgVid, + "CRL Signer Certificate's vid=%d must be equal to the provided vid=%d in the message", + certificateVid, messageVid, + ) } func NewErrMessageVidNotEqualRootCertVid(vid1 int32, vid2 int32) error { @@ -148,44 +187,47 @@ func NewErrMessageVidNotEqualRootCertVid(vid1 int32, vid2 int32) error { vid1, vid2) } +func NewErrCRLSignerCertificatePidNotEqualRevocationPointPid(certificatePid int32, revocationPointPid int32) error { + return sdkerrors.Wrapf( + ErrCRLSignerCertificatePidNotEqualRevocationPointPid, + "CRL Signer Certificate's pid=%d must be equal to the provided pid=%d in the reovocation point", + certificatePid, revocationPointPid) +} + func NewErrCRLSignerCertificateVidNotEqualRevocationPointVid(vid1 int32, vid2 int32) error { return sdkerrors.Wrapf(ErrCRLSignerCertificateVidNotEqualRevocationPointVid, "CRL Signer Certificate's vid=%d must be equal to the provided vid=%d in the reovocation point", vid1, vid2) } -func NewErrNonRootCertificateSelfSigned(e interface{}) error { - return sdkerrors.Wrapf(ErrNonRootCertificateSelfSigned, "%v", - e) -} - -func NewErrNonEmptyDataDigest(e interface{}) error { - return sdkerrors.Wrapf(ErrEmptyDataFileSize, "%v", - e) +func NewErrNonEmptyDataDigest() error { + return sdkerrors.Wrapf(ErrEmptyDataFileSize, "Data Digest must be provided only if Data File Size is provided") } -func NewErrNotEmptyDataDigestType(e interface{}) error { - return sdkerrors.Wrapf(ErrNotEmptyDataDigestType, "%v", - e) +func NewErrNotEmptyDataDigestType() error { + return sdkerrors.Wrapf(ErrNotEmptyDataDigestType, "Data Digest Type must be provided only if Data Digest is provided") } -func NewErrEmptyDataDigest(e interface{}) error { - return sdkerrors.Wrapf(ErrEmptyDataDigest, "%v", - e) +func NewErrEmptyDataDigest() error { + return sdkerrors.Wrapf(ErrEmptyDataDigest, "Data Digest must be provided if Data File Size is provided") } -func NewErrEmptyDataDigestType(e interface{}) error { - return sdkerrors.Wrapf(ErrEmptyDataDigestType, "%v", - e) +func NewErrEmptyDataDigestType() error { + return sdkerrors.Wrapf(ErrEmptyDataDigestType, "Data Digest Type must be provided if Data Digest is provided") } -func NewErrDataFieldPresented(e interface{}) error { - return sdkerrors.Wrapf(ErrDataFieldPresented, "%v", - e) +func NewErrDataFieldPresented(revocationType uint32) error { + return sdkerrors.Wrapf( + ErrDataFieldPresented, + "Data Digest, Data File Size and Data Digest Type must be omitted for Revocation Type %d", revocationType, + ) } -func NewErrWrongSubjectKeyIDFormat(e interface{}) error { - return sdkerrors.Wrapf(ErrWrongSubjectKeyIDFormat, "%v", - e) +func NewErrWrongSubjectKeyIDFormat() error { + return sdkerrors.Wrapf( + ErrWrongSubjectKeyIDFormat, + "Wrong IssuerSubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), "+ + "with no whitespace and no non-hexadecimal characters", + ) } func NewErrVidNotFound(e interface{}) error { @@ -193,25 +235,54 @@ func NewErrVidNotFound(e interface{}) error { e) } -func NewErrPidNotFound(e interface{}) error { - return sdkerrors.Wrapf(ErrPidNotFound, "%v", - e) +func NewErrPidNotFoundInCertificateButProvidedInRevocationPoint() error { + return sdkerrors.Wrapf( + ErrPidNotFound, + "Product ID (pid) not found in CRL Signer Certificate when it is provided in the revocation point", + ) +} + +func NewErrPidNotFoundInMessage(certificatePid int32) error { + return sdkerrors.Wrapf( + ErrPidNotFound, + "Product ID (pid) must be provided when pid=%d in non-root CRL Signer Certificate", certificatePid, + ) +} + +func NewErrPemValuesNotEqual(subject string, subjectKeyID string) error { + return sdkerrors.Wrapf( + ErrPemValuesNotEqual, + "PEM values of the CRL signer certificate and a certificate found by subject=%s and subjectKeyID=%s are not equal", + subject, subjectKeyID, + ) } -func NewErrPemValuesNotEqual(e interface{}) error { - return sdkerrors.Wrapf(ErrPemValuesNotEqual, "%v", e) +func NewErrPkiRevocationDistributionPointWithVidAndLabelAlreadyExists(vid int32, label string, issuerSubjectKeyID string) error { + return sdkerrors.Wrapf( + ErrPkiRevocationDistributionPointAlreadyExists, + "PKI revocation distribution point associated with vid=%d and label=%s already exist for issuerSubjectKeyID=%s", + vid, label, issuerSubjectKeyID, + ) } -func NewErrPkiRevocationDistributionPointAlreadyExists(e interface{}) error { - return sdkerrors.Wrapf(ErrPkiRevocationDistributionPointAlreadyExists, "%v", e) +func NewErrPkiRevocationDistributionPointWithDataURLAlreadyExists(dataURL string, issuerSubjectKeyID string) error { + return sdkerrors.Wrapf( + ErrPkiRevocationDistributionPointAlreadyExists, + "PKI revocation distribution point associated with dataUrl=%s already exist for issuerSubjectKeyID=%s", + dataURL, issuerSubjectKeyID, + ) } -func NewErrPkiRevocationDistributionPointDoesNotExists(e interface{}) error { - return sdkerrors.Wrapf(ErrPkiRevocationDistributionPointDoesNotExists, "%v", e) +func NewErrPkiRevocationDistributionPointDoesNotExists(vid int32, label string, issuerSubjectKeyID string) error { + return sdkerrors.Wrapf( + ErrPkiRevocationDistributionPointDoesNotExists, + "PKI revocation distribution point associated with vid=%d and label=%s does not exist for issuerSubjectKeyID=%s", + vid, label, issuerSubjectKeyID, + ) } -func NewErrCRLSignerCertificateVidNotEqualAccountVid(e interface{}) error { - return sdkerrors.Wrapf(ErrCRLSignerCertificateVidNotEqualAccountVid, "%v", e) +func NewErrMessageVidNotEqualAccountVid(msgVid int32, accountVid int32) error { + return sdkerrors.Wrapf(ErrMessageVidNotEqualAccountVid, "Message vid=%d is not equal to account vid=%d", msgVid, accountVid) } func NewErrUnsupportedOperation(e interface{}) error { @@ -219,15 +290,15 @@ func NewErrUnsupportedOperation(e interface{}) error { } func NewErrInvalidVidFormat(e interface{}) error { - return sdkerrors.Wrapf(ErrInvalidVidFormat, "%v", e) + return sdkerrors.Wrapf(ErrInvalidVidFormat, "Could not parse vid: %v", e) } func NewErrInvalidPidFormat(e interface{}) error { - return sdkerrors.Wrapf(ErrInvalidPidFormat, "%v", e) + return sdkerrors.Wrapf(ErrInvalidPidFormat, "Could not parse pid: %v", e) } -func NewErrInvalidDataURLFormat(e interface{}) error { - return sdkerrors.Wrapf(ErrInvalidDataURLFormat, "%v", e) +func NewErrInvalidDataURLSchema() error { + return sdkerrors.Wrapf(ErrInvalidDataURLFormat, "Data Url must start with https:// or http://") } func NewErrCertificateVidNotEqualMsgVid(e interface{}) error { diff --git a/x/pki/handler_add_revocation_test.go b/x/pki/handler_add_revocation_test.go index dd8a9d06f..76e0a0ef8 100644 --- a/x/pki/handler_add_revocation_test.go +++ b/x/pki/handler_add_revocation_test.go @@ -41,7 +41,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) { accountVid: testconstants.Vid, accountRole: dclauthtypes.Vendor, addRevocation: createAddRevocationMessageWithPAACertWithNumericVid(accAddress.String()), - err: pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, + err: pkitypes.ErrMessageVidNotEqualAccountVid, }, { name: "PAACertNotFound", diff --git a/x/pki/handler_delete_revocation_test.go b/x/pki/handler_delete_revocation_test.go index 605e28333..bc2919b61 100644 --- a/x/pki/handler_delete_revocation_test.go +++ b/x/pki/handler_delete_revocation_test.go @@ -79,7 +79,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T Label: label, IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, }, - err: pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, + err: pkitypes.ErrMessageVidNotEqualAccountVid, }, { name: "PAISenderVidNotEqualCertVid", @@ -94,7 +94,7 @@ func TestHandler_DeletePkiRevocationDistributionPoint_NegativeCases(t *testing.T Label: label, IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, }, - err: pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, + err: pkitypes.ErrMessageVidNotEqualAccountVid, }, } diff --git a/x/pki/handler_update_revocation_test.go b/x/pki/handler_update_revocation_test.go index a214abbad..efb28c739 100644 --- a/x/pki/handler_update_revocation_test.go +++ b/x/pki/handler_update_revocation_test.go @@ -74,7 +74,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T DataURL: testconstants.DataURL, IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, }, - err: pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, + err: pkitypes.ErrMessageVidNotEqualAccountVid, }, { name: "PAISenderVidNotEqualCertVid", @@ -91,7 +91,7 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T DataURL: testconstants.DataURL, IssuerSubjectKeyID: testconstants.SubjectKeyIDWithoutColons, }, - err: pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, + err: pkitypes.ErrMessageVidNotEqualAccountVid, }, { name: "PAIPidNotFound", diff --git a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go index b7a6b0d14..e8b93a245 100644 --- a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go +++ b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go @@ -2,10 +2,8 @@ package keeper import ( "context" - "fmt" sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" @@ -25,27 +23,22 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg // check if signer has vendor role signerAddr, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return nil, sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err) + return nil, pkitypes.NewErrInvalidAddress(err) } signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) { - return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, - "MsgAddPkiRevocationDistributionPoint transaction should be signed by an account with the \"%s\" role", - dclauthtypes.Vendor, - ) + return nil, pkitypes.NewErrUnauthorizedRole("MsgAddPkiRevocationDistributionPoint", dclauthtypes.Vendor) } // compare VID in message and Vendor acount if msg.Vid != signerAccount.VendorID { - return nil, sdkerrors.Wrap(pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, - "MsgAddPkiRevocationDistributionPoint signer must have the same vid as provided in message", - ) + return nil, pkitypes.NewErrMessageVidNotEqualAccountVid(msg.Vid, signerAccount.VendorID) } // check that distribution point doesn't exist yet _, isFound := k.GetPkiRevocationDistributionPoint(ctx, msg.Vid, msg.Label, msg.IssuerSubjectKeyID) if isFound { - return nil, pkitypes.NewErrPkiRevocationDistributionPointAlreadyExists("PKI revocation distribution point already exist") + return nil, pkitypes.NewErrPkiRevocationDistributionPointWithVidAndLabelAlreadyExists(msg.Vid, msg.Label, msg.IssuerSubjectKeyID) } if crlSignerCertificate.IsSelfSigned() { @@ -63,8 +56,7 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg if isFound { for _, revocationPoint := range revocationList.Points { if revocationPoint.DataURL == msg.DataURL && revocationPoint.Vid == msg.Vid { - return nil, pkitypes.NewErrPkiRevocationDistributionPointAlreadyExists( - fmt.Sprintf("PKI revocation distribution point with DataURL (%s) already exist for IssuerID (%s)", msg.DataURL, msg.IssuerSubjectKeyID)) + return nil, pkitypes.NewErrPkiRevocationDistributionPointWithDataURLAlreadyExists(msg.DataURL, msg.IssuerSubjectKeyID) } } } @@ -94,7 +86,7 @@ func (k msgServer) checkRootCert(ctx sdk.Context, crlSignerCertificate *x509.Cer // find the cert on the ledger approvedCertificates, isFound := k.GetApprovedCertificates(ctx, crlSignerCertificate.Subject, crlSignerCertificate.SubjectKeyID) if !isFound { - return sdkerrors.Wrap(pkitypes.NewErrCertificateDoesNotExist(crlSignerCertificate.Subject, crlSignerCertificate.SubjectKeyID), "CRL signer Certificate must be a root certificate present on the ledger if isPAA = True") + return pkitypes.NewErrRootCertificateDoesNotExist(crlSignerCertificate.Subject, crlSignerCertificate.SubjectKeyID) } // check that it has the same PEM value @@ -107,14 +99,14 @@ func (k msgServer) checkRootCert(ctx sdk.Context, crlSignerCertificate *x509.Cer } } if foundRootCert == nil { - return pkitypes.NewErrPemValuesNotEqual("PEM values of the CRL signer certificate and a certificate found by its Subject and SubjectKeyID are not equal") + return pkitypes.NewErrPemValuesNotEqual(crlSignerCertificate.Subject, crlSignerCertificate.SubjectKeyID) } // check that root cert has the same VID as in the message if it's non-VID scoped // (vid-scoped has been already checked as patr of static validation + equality of PEM values ledgerRootVid, err := x509.GetVidFromSubject(foundRootCert.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } if ledgerRootVid == 0 && msg.Vid != foundRootCert.Vid { return pkitypes.NewErrMessageVidNotEqualRootCertVid(msg.Vid, foundRootCert.Vid) diff --git a/x/pki/keeper/msg_server_delete_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_delete_pki_revocation_distribution_point.go index 2789e6345..649541b2c 100644 --- a/x/pki/keeper/msg_server_delete_pki_revocation_distribution_point.go +++ b/x/pki/keeper/msg_server_delete_pki_revocation_distribution_point.go @@ -4,7 +4,6 @@ import ( "context" sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" @@ -15,26 +14,23 @@ func (k msgServer) DeletePkiRevocationDistributionPoint(goCtx context.Context, m signerAddr, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return nil, sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err) + return nil, pkitypes.NewErrInvalidAddress(err) } - signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) - // check if signer has vendor role if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) { - return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, - "MsgDeletePkiRevocationDistributionPoint transaction should be signed by an account with the \"%s\" role", - dclauthtypes.Vendor, - ) + return nil, pkitypes.NewErrUnauthorizedRole("MsgDeletePkiRevocationDistributionPoint", dclauthtypes.Vendor) } - pkiRevocationDistributionPoint, isFound := k.GetPkiRevocationDistributionPoint(ctx, msg.Vid, msg.Label, msg.IssuerSubjectKeyID) - if !isFound { - return nil, pkitypes.NewErrPkiRevocationDistributionPointDoesNotExists("PKI revocation distribution point does not exist") + // compare VID in message and Vendor acount + signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) + if signerAccount.VendorID != msg.Vid { + return nil, pkitypes.NewErrMessageVidNotEqualAccountVid(msg.Vid, signerAccount.VendorID) } - if signerAccount.VendorID != pkiRevocationDistributionPoint.Vid { - return nil, pkitypes.NewErrCRLSignerCertificateVidNotEqualAccountVid("CRL signer Certificate's vid must be equal to signer account's vid") + pkiRevocationDistributionPoint, isFound := k.GetPkiRevocationDistributionPoint(ctx, msg.Vid, msg.Label, msg.IssuerSubjectKeyID) + if !isFound { + return nil, pkitypes.NewErrPkiRevocationDistributionPointDoesNotExists(msg.Vid, msg.Label, msg.IssuerSubjectKeyID) } k.RemovePkiRevocationDistributionPoint(ctx, msg.Vid, msg.Label, msg.IssuerSubjectKeyID) diff --git a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go index 256407f82..20c60492c 100644 --- a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go +++ b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go @@ -2,10 +2,8 @@ package keeper import ( "context" - "fmt" sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/types" @@ -18,27 +16,22 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m // check if signer has vendor role signerAddr, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return nil, sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "Invalid Address: (%s)", err) + return nil, pkitypes.NewErrInvalidAddress(err) } - signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) if !k.dclauthKeeper.HasRole(ctx, signerAddr, dclauthtypes.Vendor) { - return nil, sdkerrors.Wrapf(sdkerrors.ErrUnauthorized, - "MsgUpdatePkiRevocationDistributionPoint transaction should be signed by an account with the \"%s\" role", - dclauthtypes.Vendor, - ) + return nil, pkitypes.NewErrUnauthorizedRole("MsgUpdatePkiRevocationDistributionPoint", dclauthtypes.Vendor) + } + + // compare VID in message and Vendor acount + signerAccount, _ := k.dclauthKeeper.GetAccountO(ctx, signerAddr) + if msg.Vid != signerAccount.VendorID { + return nil, pkitypes.NewErrMessageVidNotEqualAccountVid(msg.Vid, signerAccount.VendorID) } // check that Revocation Point exists pkiRevocationDistributionPoint, isFound := k.GetPkiRevocationDistributionPoint(ctx, msg.Vid, msg.Label, msg.IssuerSubjectKeyID) if !isFound { - return nil, pkitypes.NewErrPkiRevocationDistributionPointDoesNotExists("PKI revocation distribution point does not exist") - } - - // check that Vendor has the same VID as the Revocation Point - if pkiRevocationDistributionPoint.Vid != signerAccount.VendorID { - return nil, sdkerrors.Wrap(pkitypes.ErrCRLSignerCertificateVidNotEqualAccountVid, - "MsgUpdatePkiRevocationDistributionPoint signer must have the same vid as provided in an existing certificate from the revocation point", - ) + return nil, pkitypes.NewErrPkiRevocationDistributionPointDoesNotExists(msg.Vid, msg.Label, msg.IssuerSubjectKeyID) } // validate and update new values @@ -50,7 +43,7 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m } if pkiRevocationDistributionPoint.RevocationType == types.CRLRevocationType && (msg.DataFileSize != 0 || msg.DataDigest != "" || msg.DataDigestType != 0) { - return nil, pkitypes.NewErrDataFieldPresented(fmt.Sprintf("Data Digest, Data File Size and Data Digest Type must be omitted for Revocation Type %d", types.CRLRevocationType)) + return nil, pkitypes.NewErrDataFieldPresented(types.CRLRevocationType) } if msg.DataURL != "" { @@ -73,8 +66,7 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m if isFound { for _, revocationPoint := range revocationList.Points { if revocationPoint.DataURL == msg.DataURL && revocationPoint.Vid == msg.Vid && revocationPoint.Label != msg.Label { - return nil, pkitypes.NewErrPkiRevocationDistributionPointAlreadyExists( - fmt.Sprintf("PKI revocation distribution point with DataURL (%s) already exist for IssuerID (%s)", msg.DataURL, msg.IssuerSubjectKeyID)) + return nil, pkitypes.NewErrPkiRevocationDistributionPointWithDataURLAlreadyExists(msg.DataURL, msg.IssuerSubjectKeyID) } } } @@ -113,22 +105,22 @@ func (k msgServer) verifyUpdatedPAA(ctx sdk.Context, newCertificatePem string, r // check that it's self-signed if !newCertificate.IsSelfSigned() { - return pkitypes.NewErrRootCertificateIsNotSelfSigned("Updated CRL signer certificate must be self-signed since old one was self-signed") + return pkitypes.NewErrRootCertificateIsNotSelfSigned() } // check that VID is the same - newVid, err := x509.GetVidFromSubject(newCertificate.SubjectAsText) + newCertificateVid, err := x509.GetVidFromSubject(newCertificate.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } - if newVid != 0 && newVid != revocationPoint.Vid { - return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid("CRL Signer Certificate's vid must be equal to the provided vid in the message") + if newCertificateVid != 0 && newCertificateVid != revocationPoint.Vid { + return pkitypes.NewErrCRLSignerCertificateVidNotEqualRevocationPointVid(newCertificateVid, revocationPoint.Vid) } // find the cert on the ledger approvedCertificates, isFound := k.GetApprovedCertificates(ctx, newCertificate.Subject, newCertificate.SubjectKeyID) if !isFound { - return sdkerrors.Wrap(pkitypes.NewErrCertificateDoesNotExist(newCertificate.Subject, newCertificate.SubjectKeyID), "CRL signer Certificate must be a root certificate present on the ledger if isPAA = True") + return pkitypes.NewErrRootCertificateDoesNotExist(newCertificate.Subject, newCertificate.SubjectKeyID) } // check that it has the same PEM value @@ -141,14 +133,14 @@ func (k msgServer) verifyUpdatedPAA(ctx sdk.Context, newCertificatePem string, r } } if foundRootCert == nil { - return pkitypes.NewErrPemValuesNotEqual("PEM values of the CRL signer certificate and a certificate found by its Subject and SubjectKeyID are not equal") + return pkitypes.NewErrPemValuesNotEqual(newCertificate.Subject, newCertificate.SubjectKeyID) } // check that new cert has the same VID as in the message if it's non-VID scoped // (vid-scoped has been already checked as part of static validation + equality of PEM values) ledgerRootVid, err := x509.GetVidFromSubject(foundRootCert.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } if ledgerRootVid == 0 && revocationPoint.Vid != foundRootCert.Vid { return pkitypes.NewErrMessageVidNotEqualRootCertVid(revocationPoint.Vid, foundRootCert.Vid) @@ -169,28 +161,28 @@ func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem string, r // check that it's not self-signed if newCertificate.IsSelfSigned() { - return pkitypes.NewErrNonRootCertificateSelfSigned("Updated CRL signer certificate must not be self-signed since old one was not self-signed") + return pkitypes.NewErrNonRootCertificateSelfSigned() } // check that VID is the same - newVid, err := x509.GetVidFromSubject(newCertificate.SubjectAsText) + newCertificateVid, err := x509.GetVidFromSubject(newCertificate.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } - if newVid != revocationPoint.Vid { - return pkitypes.NewErrCRLSignerCertificateVidNotEqualRevocationPointVid(revocationPoint.Vid, newVid) + if newCertificateVid != revocationPoint.Vid { + return pkitypes.NewErrCRLSignerCertificateVidNotEqualRevocationPointVid(revocationPoint.Vid, newCertificateVid) } // check PID - newPid, err := x509.GetPidFromSubject(newCertificate.SubjectAsText) + newCertificatePid, err := x509.GetPidFromSubject(newCertificate.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidPidFormat, "Could not parse pid: %s", err) + return pkitypes.NewErrInvalidPidFormat(err) } - if newPid != 0 && newPid != revocationPoint.Pid { - return pkitypes.NewErrCRLSignerCertificatePidNotEqualMsgPid("pid in updated CRL Signer Certificate must be equal to pid in revocation point") + if newCertificatePid != 0 && newCertificatePid != revocationPoint.Pid { + return pkitypes.NewErrCRLSignerCertificatePidNotEqualRevocationPointPid(newCertificatePid, revocationPoint.Pid) } - if newPid == 0 && newPid != revocationPoint.Pid { - return pkitypes.NewErrPidNotFound("pid not found in updated CRL Signer Certificate when it is provided in revocation point") + if newCertificatePid == 0 && newCertificatePid != revocationPoint.Pid { + return pkitypes.NewErrPidNotFoundInCertificateButProvidedInRevocationPoint() } // check that it's chained back to a cert on DCL diff --git a/x/pki/types/message_add_pki_revocation_distribution_point.go b/x/pki/types/message_add_pki_revocation_distribution_point.go index 983788a1c..04c0b96b0 100644 --- a/x/pki/types/message_add_pki_revocation_distribution_point.go +++ b/x/pki/types/message_add_pki_revocation_distribution_point.go @@ -1,11 +1,9 @@ package types import ( - "fmt" "strings" sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" "github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509" @@ -57,21 +55,21 @@ func (msg *MsgAddPkiRevocationDistributionPoint) GetSignBytes() []byte { func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificate) error { if msg.Pid != 0 { - return pkitypes.NewErrNotEmptyPid("Product ID (pid) must be empty for root certificates when isPAA is true") + return pkitypes.NewErrNotEmptyPidForRootCertificate() } if !cert.IsSelfSigned() { - return pkitypes.NewErrRootCertificateIsNotSelfSigned("CRL Signer Certificate must be self-signed if isPAA is True") + return pkitypes.NewErrRootCertificateIsNotSelfSigned() } // verify VID vid, err := x509.GetVidFromSubject(cert.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } if vid > 0 && vid != msg.Vid { - return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(fmt.Sprintf("CRL Signer Certificate's vid=%d must be equal to the provided vid=%d in the message", vid, msg.Vid)) + return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(vid, msg.Vid) } return nil @@ -79,32 +77,32 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificat func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAI(cert *x509.Certificate) error { if cert.IsSelfSigned() { - return pkitypes.NewErrNonRootCertificateSelfSigned("CRL Signer Certificate shall not be self-signed if isPAA is False") + return pkitypes.NewErrNonRootCertificateSelfSigned() } // verify VID vid, err := x509.GetVidFromSubject(cert.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidVidFormat, "Could not parse vid: %s", err) + return pkitypes.NewErrInvalidVidFormat(err) } if vid != msg.Vid { - return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(fmt.Sprintf("CRL Signer Certificate's vid=%d must be equal to the provided vid=%d in the message", vid, msg.Vid)) + return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(vid, msg.Vid) } // verify PID pid, err := x509.GetPidFromSubject(cert.SubjectAsText) if err != nil { - return sdkerrors.Wrapf(pkitypes.ErrInvalidPidFormat, "Could not parse pid: %s", err) + return pkitypes.NewErrInvalidPidFormat(err) } if pid == 0 && msg.Pid != 0 { - return pkitypes.NewErrNotEmptyPid("Product ID (pid) must be empty when it is not found in non-root CRL Signer Certificate") + return pkitypes.NewErrNotEmptyPidForNonRootCertificate() } if pid != 0 && msg.Pid == 0 { - return pkitypes.NewErrPidNotFound(fmt.Sprintf("Product ID (pid) must be provided when pid=%d in non-root CRL Signer Certificate", pid)) + return pkitypes.NewErrPidNotFoundInMessage(pid) } if pid != msg.Pid { - return pkitypes.NewErrCRLSignerCertificatePidNotEqualMsgPid(fmt.Sprintf("CRL Signer Certificate's pid=%d must be equal to the provided pid=%d in the message", pid, msg.Pid)) + return pkitypes.NewErrCRLSignerCertificatePidNotEqualMsgPid(pid, msg.Pid) } return nil @@ -139,7 +137,7 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyFields() error { } if !isDataDigestInTypes { - return pkitypes.NewErrInvalidDataDigestType(fmt.Sprintf("invalid DataDigestType: %d. Supported types are: %v", msg.DataDigestType, allowedDataDigestTypes)) + return pkitypes.NewErrInvalidDataDigestType(msg.DataDigestType, allowedDataDigestTypes[:]) } isRevocationInTypes := false @@ -152,37 +150,37 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyFields() error { } if !isRevocationInTypes { - return pkitypes.NewErrInvalidRevocationType(fmt.Sprintf("invalid RevocationType: %d. Supported types are: %d", msg.RevocationType, allowedRevocationTypes)) + return pkitypes.NewErrInvalidRevocationType(msg.RevocationType, allowedRevocationTypes[:]) } if !strings.HasPrefix(msg.DataURL, "https://") && !strings.HasPrefix(msg.DataURL, "http://") { - return pkitypes.NewErrInvalidDataURLFormat("Data Url must start with https:// or http://") + return pkitypes.NewErrInvalidDataURLSchema() } if msg.DataFileSize == 0 && msg.DataDigest != "" { - return pkitypes.NewErrNonEmptyDataDigest("Data Digest must be provided only if Data File Size is provided") + return pkitypes.NewErrNonEmptyDataDigest() } if msg.DataFileSize != 0 && msg.DataDigest == "" { - return pkitypes.NewErrEmptyDataDigest("Data Digest must be provided if Data File Size is provided") + return pkitypes.NewErrEmptyDataDigest() } if msg.DataDigest == "" && msg.DataDigestType != 0 { - return pkitypes.NewErrNotEmptyDataDigestType("Data Digest Type must be provided only if Data Digest is provided") + return pkitypes.NewErrNotEmptyDataDigestType() } if msg.DataDigest != "" && msg.DataDigestType == 0 { - return pkitypes.NewErrEmptyDataDigestType("Data Digest Type must be provided if Data Digest is provided") + return pkitypes.NewErrEmptyDataDigestType() } if msg.RevocationType == CRLRevocationType && (msg.DataFileSize != 0 || msg.DataDigest != "" || msg.DataDigestType != 0) { - return pkitypes.NewErrDataFieldPresented(fmt.Sprintf("Data Digest, Data File Size and Data Digest Type must be omitted for Revocation Type %d", CRLRevocationType)) + return pkitypes.NewErrDataFieldPresented(CRLRevocationType) } match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID) if !match { - return pkitypes.NewErrWrongSubjectKeyIDFormat("Wrong IssuerSubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters") + return pkitypes.NewErrWrongSubjectKeyIDFormat() } return nil @@ -191,7 +189,7 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyFields() error { func (msg *MsgAddPkiRevocationDistributionPoint) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) + return pkitypes.NewErrInvalidAddress(err) } err = validator.Validate(msg) diff --git a/x/pki/types/message_delete_pki_revocation_distribution_point.go b/x/pki/types/message_delete_pki_revocation_distribution_point.go index 51069a644..9f801b13f 100644 --- a/x/pki/types/message_delete_pki_revocation_distribution_point.go +++ b/x/pki/types/message_delete_pki_revocation_distribution_point.go @@ -2,7 +2,6 @@ package types import ( sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" ) @@ -46,7 +45,7 @@ func (msg *MsgDeletePkiRevocationDistributionPoint) GetSignBytes() []byte { func (msg *MsgDeletePkiRevocationDistributionPoint) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) + return pkitypes.NewErrInvalidAddress(err) } err = validator.Validate(msg) @@ -57,7 +56,7 @@ func (msg *MsgDeletePkiRevocationDistributionPoint) ValidateBasic() error { match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID) if !match { - return pkitypes.NewErrWrongSubjectKeyIDFormat("Wrong IssuerSubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters") + return pkitypes.NewErrWrongSubjectKeyIDFormat() } return nil diff --git a/x/pki/types/message_update_pki_revocation_distribution_point.go b/x/pki/types/message_update_pki_revocation_distribution_point.go index 4bfed25bd..d4ce72aaa 100644 --- a/x/pki/types/message_update_pki_revocation_distribution_point.go +++ b/x/pki/types/message_update_pki_revocation_distribution_point.go @@ -1,11 +1,9 @@ package types import ( - fmt "fmt" "strings" sdk "github.com/cosmos/cosmos-sdk/types" - sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki" "github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator" ) @@ -54,7 +52,7 @@ func (msg *MsgUpdatePkiRevocationDistributionPoint) GetSignBytes() []byte { func (msg *MsgUpdatePkiRevocationDistributionPoint) ValidateBasic() error { _, err := sdk.AccAddressFromBech32(msg.Signer) if err != nil { - return sdkerrors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid signer address (%s)", err) + return pkitypes.NewErrInvalidAddress(err) } err = validator.Validate(msg) @@ -75,33 +73,33 @@ func (msg *MsgUpdatePkiRevocationDistributionPoint) ValidateBasic() error { } if msg.DataURL != "" && !strings.HasPrefix(msg.DataURL, "https://") && !strings.HasPrefix(msg.DataURL, "http://") { - return pkitypes.NewErrInvalidDataURLFormat("Data Url must start with https:// or http://") + return pkitypes.NewErrInvalidDataURLSchema() } if !isDataDigestInTypes { - return pkitypes.NewErrInvalidDataDigestType(fmt.Sprintf("invalid DataDigestType: %d. Supported types are: %v", msg.DataDigestType, allowedDataDigestTypes)) + return pkitypes.NewErrInvalidDataDigestType(msg.DataDigestType, allowedDataDigestTypes[:]) } if msg.DataFileSize == 0 && msg.DataDigest != "" { - return pkitypes.NewErrNonEmptyDataDigest("Data Digest must be provided only if Data File Size is provided") + return pkitypes.NewErrNonEmptyDataDigest() } if msg.DataFileSize != 0 && msg.DataDigest == "" { - return pkitypes.NewErrEmptyDataDigest("Data Digest must be provided if Data File Size is provided") + return pkitypes.NewErrEmptyDataDigest() } if msg.DataDigest == "" && msg.DataDigestType != 0 { - return pkitypes.NewErrNotEmptyDataDigestType("Data Digest Type must be provided only if Data Digest is provided") + return pkitypes.NewErrNotEmptyDataDigestType() } if msg.DataDigest != "" && msg.DataDigestType == 0 { - return pkitypes.NewErrEmptyDataDigestType("Data Digest Type must be provided if Data Digest is provided") + return pkitypes.NewErrEmptyDataDigestType() } match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID) if !match { - return pkitypes.NewErrWrongSubjectKeyIDFormat("Wrong IssuerSubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters") + return pkitypes.NewErrWrongSubjectKeyIDFormat() } return nil