transactions.md

Transactions and Queries

See use case sequence diagrams for the examples of how transaction can be used.

1. General
2. How to write to the Ledger
3. How to read from the Ledger
4. Modules
   • Vendor Info
   • Model and Model Version
   • Compliance
   • X509 PKI
   • Auth
   • Validator Node
   • Upgrade
5. Extensions

General

• Every writer to the Ledger must
  • Have a private/public key pair.
  • Have an Account created on the ledger via ACCOUNT transaction (see Use Case Txn Auth).
    • The Account stores the public part of the key
    • The Account has an associated role. The role is used for authorization policies.
  • Sign every transaction by the private key.
• Ledger is public for read which means that anyone can read from the Ledger without a need to have an Account or sign the request.
• The following roles are supported:
  • Trustee - can create and approve accounts, approve root certificates.
  • Vendor - can add models that belong to the vendor ID associated with the vendor account.
  • VendorAdmin - can add vendor info records and update any vendor info.
  • CertificationCenter - can certify and revoke models.
  • NodeAdmin - can add validator nodes to the network.

How to write to the Ledger

• Local CLI
  • Configure the CLI before using. See CLI Configuration section in how-to.md.
  • Generate and store a private key for the Account to be used for sending. See Getting Account section in how-to.md.
  • Send transactions to the ledger from the Account (--from).
    • it will automatically build a request, sign it by the account's key, and broadcast to the ledger.
  • See CLI sub-sections for every write request (transaction).
  • It's possible to build, sign and broadcast a transaction separately (possibly by diferent CLIs):
    • Let's assume we have two CLIs:
      • CLI 1: Is connected to the network of nodes. Doesn't have access to private keys.
      • CLI 2: Stores private key. Does not have a connection to the network of nodes.
    • Build transaction by CLI 1: dcld tx ... --generate-only
    • Fetch account-number and sequence by CLI 1: dcld query auth account --address <address>
    • Sign transaction by CLI 2: dcld tx sign txn.json --from <from> --account-number <int> --sequence <int> --gas "auto" --offline --output-document txn.json
    • Broadcast transaction by CLI 1: dcld tx broadcast txn.json
    • To get the actual result of transaction, dcld query tx=txHash call must be executed, where txHash is the hash of previously executed transaction.
• gRPC:
  • Generate a client code from the proto files proto for the client language (see https://grpc.io/docs/languages/)
  • Build, sign, and broadcast the message (transaction). See grpc/rest integration tests as an example.
• REST API
  • Build and sign a transaction by one of the following ways
    • In code via gRPC (see above)
    • Via CLI commands specifying --generate-only flag and using dcld tx sign (see above)
  • The user does a POST of the signed request to http://<node-ip>:1317/cosmos/tx/v1beta1/txs endpoint.
  • Example

dcld tx ... --generate-only
dcld query auth account --address <address>
dcld tx sign txn.json --from <from> --account-number <int> --sequence <int> --gas "auto" --offline --output-document txn.json
POST http://<node-ip>:1317/cosmos/tx/v1beta1/txs

How to read from the Ledger

No keys/account is needed as the ledger is public for reads.

Please note, that multi-value queries don't have state proofs support and should be sent to trusted nodes only.

Please make sure that TLS is enabled in gRPC, REST or Light Client Proxy for secure communication with a Node.

• Local CLI
  • See CLI section for every read request.
  • If there are no trusted Observer or Validator nodes to connect a CLI, then a Light Client Proxy can be used.
• REST API
  • OpenAPI specification: https://zigbee-alliance.github.io/distributed-compliance-ledger/.
  • Any running node exposes a REST API at port 1317. See https://docs.cosmos.network/v0.45/core/grpc_rest.html.
  • See REST API section for every read request.
  • See grpc/rest integration tests as an example.
  • There are no state proofs in REST, so REST queries should be sent to trusted Validator or Observer nodes only.
• gRPC
  • Any running node exposes a REST API at port 9090. See https://docs.cosmos.network/v0.45/core/grpc_rest.html.
  • Generate a client code from the proto files proto for the client language (see https://grpc.io/docs/languages/).
  • See grpc/rest integration tests as an example.
  • There are no state proofs in gRPC, so gRPC queries should be sent to trusted Validator or Observer nodes only.
• Tendermint RPC
  • Tendermint RPC OpenAPI specification can be found in https://zigbee-alliance.github.io/distributed-compliance-ledger/.
  • Tendermint RPC is exposed by every running node at port 26657. See https://docs.cosmos.network/v0.45/core/grpc_rest.html#tendermint-rpc.
  • Tendermint RPC supports state proofs. Tendermint's Light Client library can be used to verify the state proofs. So, if Light Client API is used, then it's possible to communicate with non-trusted nodes.
  • Please note, that multi-value queries don't have state proofs support and should be sent to trusted nodes only.
  • Refer to this doc to see how to subscribe to a Tendermint WebSocket based events and/or query an application components.

NotFound (404 code) is returned if an entry is not found on the ledger.

Query types

• Query single value
• Query list of values with pagination support (should be sent to trusted nodes only)

Common pagination parameters

• count-total optional(bool): count total number of records
• limit optional(uint): pagination limit (default 100)
• offset optional(uint): pagination offset
• page optional(uint): pagination page. This sets offset to a multiple of limit (default 1).
• page-key optional(string): pagination page-key
• reverse optional(bool): results are sorted in descending order

Modules

Vendor Info

Method	CLI command / REST API
ADD_VENDOR_INFO Adds a record about a Vendor	CLI dcld tx vendorinfo add-vendor --vid=<uint16> --vendorName=<string> --companyLegalName=<string> ... POST /cosmos/tx/v1beta1/txs(NewMsgCreateVendorInfo)
UPDATE_VENDOR_INFO Updates a record about a Vendor	CLI dcld tx vendorinfo update-vendor --vid=<uint16> ... POST /cosmos/tx/v1beta1/txs(MsgUpdateVendorInfo)
GET_VENDOR_INFO Gets a Vendor Info for the given vid (vendor ID)	CLI dcld query vendorinfo vendor --vid=<uint16> GET /dcl/vendorinfo/vendors/{vid}
GET_ALL_VENDOR_INFO Gets information about all vendors for all VIDs	CLI dcld query vendorinfo all-vendors GET /dcl/vendorinfo/vendors

Model and Model Version

Method	CLI command / REST API
ADD_MODEL Adds a new Model	CLI dcld tx model add-model --vid=<uint16> --pid=<uint16> --deviceTypeID=<uint16> --productName=<string> ... POST /cosmos/tx/v1beta1/txs(MsgCreateModel)
EDIT_MODEL Edits an existing Model	CLI dcld tx model update-model --vid=<uint16> --pid=<uint16> ... POST /cosmos/tx/v1beta1/txs(MsgUpdateModel)
DELETE_MODEL Deletes an existing Model	CLI dcld tx model delete-model --vid=<uint16> --pid=<uint16> ... POST /cosmos/tx/v1beta1/txs(MsgDeleteModel)
ADD_MODEL_VERSION Adds a new Model Software Version	CLI dcld tx model add-model-version --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> ... POST /cosmos/tx/v1beta1/txs(MsgCreateModelVersion)
EDIT_MODEL_VERSION Edits an existing Model Software Version	CLI dcld tx model update-model-version --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> ... POST /cosmos/tx/v1beta1/txs(MsgUpdateModelVersion)
DELETE_MODEL_VERSION Deletes an existing Model Version	CLI dcld tx model delete-model-version --vid=< uint16 > --pid=< uint16 > --softwareVersion=<uint32> ... POST /cosmos/tx/v1beta1/txs(MsgDeleteModelVersion)
GET_MODEL Gets a Model Info	CLI dcld query model get-model --vid=<uint16> --pid=<uint16> GET /dcl/model/models/{vid}/{pid}
GET_MODEL_VERSION Gets a Model Software Versions	CLI dcld query model model-version --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> GET /dcl/model/versions/{vid}/{pid}/{softwareVersion}
GET_ALL_MODELS Gets all Model Infos for all vendors	CLI dcld query model all-models GET /dcl/model/models
GET_ALL_VENDOR_MODELS Gets all Model Infos by the given Vendor	CLI dcld query model vendor-models --vid=<uint16> GET /dcl/model/models/{vid}
GET_ALL_MODEL_VERSIONS Gets all Model Software Versions for vid and pid	CLI dcld query model all-model-versions --vid=<uint16> --pid=<uint16> GET /dcl/model/versions/{vid}/{pid}

Compliance

Method	CLI command / REST API
CERTIFY_MODEL Attests compliance of the Model Version	CLI dcld tx compliance certify-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> ... POST /cosmos/tx/v1beta1/txs(MsgCertifyModel)
UPDATE_COMPLIANCE_INFO Updates a compliance info	CLI dcld tx compliance update-compliance-info --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> ... POST /cosmos/tx/v1beta1/txs(MsgUpdateComplianceInfo)
DELETE_COMPLIANCE_INFO Delete compliance of the Model Version	CLI dcld tx compliance delete-compliance-info --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> POST /cosmos/tx/v1beta1/txs(MsgUpdateComplianceInfo)
REVOKE_MODEL_CERTIFICATION Revoke compliance of the Model Version	CLI dcld tx compliance revoke-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> ... POST /cosmos/tx/v1beta1/txs(MsgRevokeModel)
PROVISION_MODEL Sets provisional state for the Model Version	CLI dcld tx compliance provision-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> ... POST /cosmos/tx/v1beta1/txs(MsgRevokeModel)
GET_CERTIFIED_MODEL Gets Model compliance information	CLI dcld query compliance certified-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> GET /dcl/compliance/certified-models/{vid}/{pid}/{software_version}/{certification_type}
GET_REVOKED_MODEL Gets Model revocation information	CLI dcld query compliance revoked-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> GET /dcl/compliance/revoked-models/{vid}/{pid}/{software_version}/{certification_type}
GET_PROVISIONAL_MODEL Gets Model Version provisional information	CLI dcld query compliance provisional-model --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> GET /dcl/compliance/provisional-models/{vid}/{pid}/{software_version}/{certification_type}
GET_COMPLIANCE_INFO Gets Model Version compliance information	CLI dcld query compliance compliance-info --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --certificationType=<string> GET /dcl/compliance/compliance-info/{vid}/{pid}/{software_version}/{certification_type}
GET_DEVICE_SOFT_COMPLIANCE Gets device software compliance	CLI dcld query compliance device-software-compliance --cDCertificateId=<string> GET /dcl/compliance/device-software-compliance/{cDCertificateId}
GET_ALL_CERTIFIED_MODELS Gets all compliant Model Versions	CLI dcld query compliance all-certified-models GET /dcl/compliance/certified-models
GET_ALL_REVOKED_MODELS Gets all revoked Model Versions	CLI dcld query compliance all-revoked-models GET /dcl/compliance/revoked-models
GET_ALL_PROVISIONAL_MODELS Gets all Model Versions in provisional state	CLI dcld query compliance all-provisional-models GET /dcl/compliance/provisional-models
GET_ALL_COMPLIANCE_RECORDS Gets all stored compliance information records	CLI dcld query compliance all-compliance-info GET /dcl/compliance/compliance-info
GET_ALL_DEVICE_SOFT_CMPLIANCES Gets all stored device software compliance's	CLI dcld query compliance all-device-software-compliance GET /dcl/compliance/device-software-compliance

X509 PKI

Method	CLI command / REST API
GLOBAL - Work for all certificate types (DA, NOC)
GET_CERT Gets a certificate (PAA, PAI, RCAC, ICAC)	CLI dcld query pki cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/all-certificates/{subject}/{subject_key_id}
GET_ALL_CERTS Gets all certificates (PAA, PAI, RCAC, ICAC)	CLI dcld query pki all-certs GET /dcl/pki/all-certificates
GET_ALL_CERTS_BY_SUBJECT Gets all certificates associated with a subject (PAA, PAI, RCAC, ICAC)	CLI dcld query pki all-subject-certs --subject=<base64 string> GET /dcl/pki/all-certificates/{subject}
GET_ALL_CERTS_BY_SKID Gets all certificates by the given subject key ID (PAA, PAI, RCAC, ICAC)	CLI dcld query pki cert --subject-key-id=<hex string> GET /dcl/pki/all-certificates?subjectKeyId={subjectKeyId}
GET_CHILD_CERTS Gets all child certificates for the given certificate (PAA, PAI, RCAC, ICAC)	CLI dcld query pki all-child-x509-certs --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/child-certificates/{subject}/{subject_key_id}
DA - Work for DA certificate types (PAA, PAI)
PROPOSE_ADD_PAA Proposes a new PAA (self-signed root certificate)	CLI dcld tx pki propose-add-x509-root-cert --certificate=<string-or-path> POST /cosmos/tx/v1beta1/txs(MsgProposeAddX509RootCert)
APPROVE_ADD_PAA Approves the proposed PAA / Re-vote	CLI dcld tx pki approve-add-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgApproveAddX509RootCert)
REJECT_ADD_PAA Rejects the proposed PAA / Re-vote	CLI dcld tx pki reject-add-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgRejectAddX509RootCert)
PROPOSE_REVOKE_PAA Proposes revocation of the given PAA	CLI dcld tx pki propose-revoke-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgProposeRevokeX509RootCert)
APPROVE_REVOKE_PAA Approves the revocation of the given PAA	CLI dcld tx pki approve-revoke-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgApproveRevokeX509RootCert)
ASSIGN_VID_TO_PAA Assigns a Vendor ID to non-VID scoped PAAs	CLI dcld tx pki assign-vid --subject=<base64 string> --subject-key-id=<hex string> --vid=<uint16> POST /cosmos/tx/v1beta1/txs(MsgAssignVid)
ADD_REVOCATION_DIST_POINT Publishes a PKI Revocation distribution endpoint	CLI dcld tx pki add-revocation-point -vid=<uint16> --pid=<uint16> --issuer-subject-key-id=<string> ... POST /cosmos/tx/v1beta1/txs(MsgAddPkiRevocationDistributionPoint)
UPDATE_REVOCATION_DIST_POINT Updates an existing PKI Revocation distribution endpoint	CLI dcld tx pki update-revocation-point --vid=<uint16> --issuer-subject-key-id=<string> ... POST /cosmos/tx/v1beta1/txs(MsgUpdatePkiRevocationDistributionPoint)
DELETE_REVOCATION_DIST_POINT Deletes a PKI Revocation distribution endpoint	CLI dcld tx pki delete-revocation-point --vid=<uint16> --issuer-subject-key-id=<string> ... POST /cosmos/tx/v1beta1/txs(MsgDeletePkiRevocationDistributionPoint)
ADD_PAI Adds a PAI (intermediate certificate)	CLI dcld tx pki add-x509-cert --certificate=<string-or-path> POST /cosmos/tx/v1beta1/txs(MsgAddX509Cert)
REVOKE_PAI Revokes the given PAI (intermediate certificate)	CLI dcld tx pki revoke-x509-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgRevokeX509Cert)
REMOVE_PAI Removes the given PAI from approved and revoked lists	CLI dcld tx pki remove-x509-cert --subject=<base64 string> --subject-key-id=<hex string> POST /cosmos/tx/v1beta1/txs(MsgRemoveX509Cert)
GET_ALL_DA_CERTS Gets all DA certificates	CLI dcld query pki all-x509-certs GET /dcl/pki/certificates
GET_ALL_PAA Gets all approved PAA certificates	CLI dcld query pki all-x509-root-certs GET /dcl/pki/root-certificates
GET_DA_CERT Gets a DA certificate (PAA, PAI)	CLI dcld query pki x509-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/certificates/{subject}/{subject_key_id}
GET_DA_CERTS_BY_SKID Gets all DA certificates by the given subject key ID	CLI dcld query pki x509-cert --subject-key-id=<hex string> GET /dcl/pki/certificates?subjectKeyId={subjectKeyId}
GET_DA_CERTS_BY_SUBJECT Gets all DA certificates associated with a subject	CLI dcld query pki all-subject-x509-certs --subject=<base64 string> GET /dcl/pki/certificates/{subject}
GET_REV_DIST_POINT Gets a revocation distribution point	CLI dcld query pki revocation-point --vid=<uint16> --label=<string> --issuer-subject-key-id=<string> GET /dcl/pki/revocation-points/{issuerSubjectKeyID}/{vid}/{label}
GET_REV_DIST_POINTS_BY_SKID Gets a list of revocation distribution point by subject key id	CLI dcld query pki revocation-points --issuer-subject-key-id=<string> GET /dcl/pki/revocation-points/{issuerSubjectKeyID}
GET_ALL_PKI_REVOCATION_DIST_POINT Gets a list of all revocation distribution points	CLI dcld query pki all-revocation-points GET /dcl/pki/revocation-points
GET_ALL_PROPOSED_PAA Gets all proposed but not approved root certificates	CLI dcld query pki all-proposed-x509-root-certs GET /dcl/pki/revocation-points
GET_PROPOSED_PAA Gets a proposed but not approved PAA certificate	CLI dcld query pki proposed-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/proposed-certificates/{subject}/{subject_key_id}
GET_ALL_PROPOSED_PAA_TO_REVOKE Gets all proposed but not approved root certificates to be revoked	CLI dcld query pki all-proposed-x509-root-certs-to-revoke GET /dcl/pki/proposed-revocation-certificates
GET_PROPOSED_PAA_TO_REVOKE Gets a proposed but not approved PAA certificate to be revoked	CLI dcld query pki proposed-x509-root-cert-to-revoke --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/proposed-revocation-certificates/{subject}/{subject_key_id}?serialnumber={serialnumber}
GET_ALL_REVOKED_DA_CERTS Gets all revoked DA certificates	CLI dcld query pki all-revoked-x509-certs GET /dcl/pki/revoked-certificates
GET_REVOKED_DA_CERT Gets a revoked DA certificate (PAA, PAI)	CLI dcld query pki revoked-x509-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/revoked-certificates/{subject}/{subject_key_id}
GET_ALL_REVOKED_PAA Gets all revoked PAA certificates	CLI dcld query pki all-revoked-x509-root-certs GET /dcl/pki/revoked-root-certificates
GET_ALL_REJECTED_PAA Gets all rejected root certificates	CLI dcld query pki all-rejected-x509-root-certs GET dcl/pki/rejected-certificates
GET_REJECTED_PAA Get a rejected PAA certificate	CLI dcld query pki rejected-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/rejected-certificates/{subject}/{subject_key_id}
NOC - Work for NOC certificate types (RCAC, ICAC)
ADD_NOC_ROOT Adds a NOC root certificate (RCAC)	CLI dcld tx pki add-noc-x509-root-cert --certificate=<string-or-path> ... POST /cosmos/tx/v1beta1/txs(MsgAddNocX509RootCert)
REVOKE_NOC_ROOT Revokes a NOC root certificate (RCAC)	CLI dcld tx pki revoke-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> ... POST /cosmos/tx/v1beta1/txs(MsgRevokeNocX509RootCert)
REMOVE_NOC_ROOT Removes a NOC root certificate (RCAC)	CLI dcld tx pki remove-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> ... POST /cosmos/tx/v1beta1/txs(MsgRemoveNocX509RootCert)
ADD_NOC_ICA Adds a NOC ica certificate (ICAC)	CLI dcld tx pki add-noc-x509-ica-cert --certificate=<string-or-path> ... POST /cosmos/tx/v1beta1/txs(MsgAddNocX509IcaCert)
REVOKE_NOC_ICA Revokes a NOC ica certificate (ICAC)	CLI dcld tx pki revoke-noc-x509-ica-cert --subject=<base64 string> --subject-key-id=<hex string> ... POST /cosmos/tx/v1beta1/txs(MsgRevokeNocX509IcaCert)
REMOVE_NOC_ICA Remove a NOC ica certificate (ICAC)	CLI dcld tx pki remove-noc-x509-ica-cert --subject=<base64 string> --subject-key-id=<hex string> ... POST /cosmos/tx/v1beta1/txs(MsgRemoveNocX509IcaCert)
GET_NOC_CERT Gets a NOC certificate (RCAC, ICAC)	CLI dcld query pki noc-x509-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/all-noc-certificates/{subject}/{subject_key_id}
GET_NOC_ROOT_BY_VID Retrieve NOC root certificates (RCACs) associated with a specific VID	CLI dcld query pki noc-x509-root-certs --vid=<uint16> GET /dcl/pki/noc-vid-root-certificates/{vid}
GET_NOC_BY_VID_AND_SKID Retrieve NOC certificates (RCACs/ICACs) associated with a specific VID and SKID	CLI dcld query pki noc-x509-cert --vid=<uint16> --subject-key-id=<hex string> GET /dcl/pki/noc-vid-certificates/{vid}/{subject_key_id}
GET_NOC_ICA_BY_VID Retrieve NOC ICA certificates (ICACs) associated with a specific VID	CLI dcld query pki noc-x509-ica-certs --vid=<uint16> GET /dcl/pki/noc-vid-ica-certificates/{vid}
GET_NOC_CERTS_BY_SUBJECT Gets all NOC certificates associated with a subject	CLI dcld query pki all-noc-subject-x509-certs --subject=<base64 string> GET /dcl/pki/all-noc-certificates/{subject}
GET_REVOKED_NOC_ROOT Gets a revoked NOC root certificate (RCAC) by the given subject and SKID	CLI dcld query pki revoked-noc-x509-root-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/revoked-noc-root-certificates/{subject}/{subject_key_id}
GET_REVOKED_NOC_ICA Gets a revoked NOC ica certificate (ICAC) by the given subject and SKID	CLI dcld query pki revoked-noc-x509-ica-cert --subject=<base64 string> --subject-key-id=<hex string> GET /dcl/pki/revoked-noc-ica-certificates/{subject}/{subject_key_id}
GET_ALL_NOC Retrieve a list of all of NOC certificates (RCACs of ICACs)	CLI dcld query pki all-noc-x509-certs GET /dcl/pki/all-noc-certificates
GET_ALL_NOC_ROOT Retrieve a list of all of NOC root certificates (RCACs)	CLI dcld query pki all-noc-x509-root-certs GET /dcl/pki/noc-root-certificates
GET_ALL_NOC_ICA Retrieve a list of all of NOC ICA certificates (ICACs)	CLI dcld query pki all-noc-x509-ica-certs GET /dcl/pki/noc-ica-certificates
GET_ALL_REVOKED_NOC_ROOT Gets all revoked NOC root certificates (RCACs)	CLI dcld query pki all-revoked-noc-x509-root-certs GET /dcl/pki/revoked-noc-root-certificates
GET_ALL_REVOKED_NOC_ICA Gets all revoked NOC ica certificates (ICACs)	CLI dcld query pki all-revoked-noc-x509-ica-certs GET /dcl/pki/revoked-noc-ica-certificates

Auth

Method	CLI command / REST API
PROPOSE_ADD_ACCOUNT Proposes a new Account	CLI dcld tx auth propose-add-account --address=<string> --pubkey='<JSON>' ... POST /cosmos/tx/v1beta1/txs(MsgProposeAddAccount)
APPROVE_ADD_ACCOUNT Approves the proposed account / Re-vote	CLI dcld tx auth approve-add-account --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgApproveAddAccount)
REJECT_ADD_ACCOUNT Rejects the proposed account / Re-vote	CLI dcld tx auth reject-add-account --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgRejectAddAccount)
PROPOSE_REVOKE_ACCOUNT Proposes revocation of the Account	CLI dcld tx auth propose-revoke-account --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgProposeRevokeAccount)
APPROVE_REVOKE_ACCOUNT Approves the proposed revocation of the account	CLI dcld tx auth approve-revoke-account --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgApproveRevokeAccount)
GET_ACCOUNT Gets an accounts	CLI dcld query auth account --addres <string> GET /dcl/auth/accounts/{address}
GET_PROPOSED_ACCOUNT Gets a proposed but not approved accounts	CLI dcld query auth proposed-account --address <string> GET /dcl/auth/proposed-accounts/{address}
GET_REJECTED_ACCOUNT Get a rejected accounts	CLI dcld query auth rejected-account --address <string> GET /dcl/auth/rejected-accounts/{address}
GET_PROPOSED_ACCOUNT_TO_REVOKE Gets a proposed but not approved accounts to be revoked	CLI dcld query auth proposed-account-to-revoke --address <string> GET /dcl/auth/proposed-revocation-accounts/{address}
GET_REVOKED_ACCOUNT Gets a revoked account by its address	CLI dcld query auth revoked-account --address <string> GET /dcl/auth/revoked-accounts/{address}
GET_ALL_ACCOUNTS Gets all accounts	CLI dcld query auth all-accounts GET /dcl/auth/accounts
GET_ALL_PROPOSED_ACCOUNTS Gets all proposed but not approved accounts	CLI dcld query auth all-proposed-accounts GET /dcl/auth/proposed-accounts
GET_ALL_REJECTED_ACCOUNTS Get all rejected accounts	CLI dcld query auth all-rejected-accounts GET /dcl/auth/rejected-accounts
GET_ALL_PROPOSED_ACCS_TO_REVOKE Gets all proposed but not approved accounts to be revoked	CLI dcld query auth all-proposed-accounts-to-revoke GET /dcl/auth/proposed-revocation-accounts
GET_ALL_REVOKED_ACCOUNTS Gets all revoked accounts	CLI dcld query auth all-revoked-accounts GET /dcl/auth/revoked-accounts

Validator Node

Method	CLI command / REST API
ADD_VALIDATOR_NODE Adds a new Validator node	CLI dcld tx validator add-node --pubkey='<JSON>' --moniker=<string> ... POST /cosmos/tx/v1beta1/txs(MsgCreateValidator)
DISABLE_VALIDATOR_NODE Disables the Validator node by owner	CLI dcld tx validator disable-node ... POST /cosmos/tx/v1beta1/txs(MsgDisableValidator)
PROPOSE_DISABLE_VALIDATOR_NODE Proposes disabling of the Validator node by a Trustee	CLI dcld tx validator propose-disable-node --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgProposeDisableValidator)
APPROVE_DISABLE_VALIDATOR_NODE Approves disabling of the Validator node by a Trustee / Re-vote	CLI dcld tx validator approve-disable-node --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgApproveDisableValidator)
REJECT_DISABLE_VALIDATOR_NODE Rejects disabling of the Validator node by a Trustee / Re-vote	CLI dcld tx validator reject-disable-node --address=<string> ... POST /cosmos/tx/v1beta1/txs(MsgRejectDisableValidator)
ENABLE_VALIDATOR_NODE Enables the Validator node by the owner	CLI dcld tx validator enable-node ... POST /cosmos/tx/v1beta1/txs(MsgEnableValidator)
GET_VALIDATOR Gets a validator node	CLI dcld query validator node --address=<string GET /dcl/validator/nodes/{owner}
GET_ALL_VALIDATORS Gets the list of all validator nodes	CLI dcld query validator all-nodes GET /dcl/validator/nodes
GET_PROPOSED_DISABLE_VALIDATOR Gets a proposed validator node	CLI dcld query validator proposed-disable-node --address=<string> GET /dcl/validator/proposed-disable-nodes/{address}
GET_ALL_PROPOSED_DISABLE_VALIDATORS Gets the list of all proposed disable validator nodes	CLI dcld query validator all-proposed-disable-nodes GET /dcl/validator/proposed-disable-nodes
GET_REJECTED_DISABLE_VALIDATOR Gets a rejected validator node	CLI dcld query validator rejected-disable-node --address=<string> GET /dcl/validator/rejected-disable-nodes/{address}
GET_ALL_REJECTED_DISABLE_VALIDATORS Gets the list of all rejected disable validator nodes	CLI dcld query validator all-rejected-disable-nodes GET /dcl/validator/rejected-disable-nodes
GET_DISABLED_VALIDATOR Gets a disabled validator node	CLI dcld query validator disabled-node --address=<string> GET /dcl/validator/disabled-nodes/{address}
GET_ALL_DISABLED_VALIDATORS Gets the list of all disabled validator nodes	CLI dcld query validator all-disabled-nodes GET /dcl/validator/disabled-nodes
GET_LAST_VALIDATOR_POWER Gets a last validator node power	CLI dcld query validator last-power --address=<string> GET /dcl/validator/last-powers/{owner}
GET_ALL_LAST_VALIDATORS_POWER Gets the list of all last validator nodes power	CLI dcld query validator all-last-powers GET /dcl/validator/last-powers
UPDATE_VALIDATOR_NODE Updates the Validator node by the owner

Upgrade

Method	CLI command / REST API
PROPOSE_UPGRADE Proposes an upgrade plan with the given name at the given height	CLI dcld tx dclupgrade propose-upgrade --name=<string> --upgrade-height=<int64> ... POST /cosmos/tx/v1beta1/txs(MsgProposeUpgrade)
APPROVE_UPGRADE Approves the proposed upgrade plan with the given name / Re-vote	CLI dcld tx dclupgrade approve-upgrade --name=<string> ... POST /cosmos/tx/v1beta1/txs(MsgApproveUpgrade)
REJECT_UPGRADE Rejects the proposed upgrade plan with the given name / Re-vote	CLI dcld tx dclupgrade reject-upgrade --name=<string> ... POST /cosmos/tx/v1beta1/txs(MsgRejectUpgrade)
GET_PROPOSED_UPGRADE Gets the proposed upgrade plan with the given name	CLI dcld query dclupgrade proposed-upgrade --name=<string> GET /dcl/dclupgrade/proposed-upgrades/{name}
GET_APPROVED_UPGRADE Gets the approved upgrade plan with the given name	CLI dcld query dclupgrade approved-upgrade --name=<string> GET /dcl/dclupgrade/approved-upgrades/{name}
GET_REJECTED_UPGRADE Gets the rejected upgrade plan with the given name	CLI dcld query dclupgrade rejected-upgrade --name=<string> GET /dcl/dclupgrade/rejected-upgrades/{name}
GET_ALL_PROPOSED_UPGRADES Gets all the proposed upgrade plans	CLI dcld query dclupgrade all-proposed-upgrades GET /dcl/dclupgrade/proposed-upgrades
GET_ALL_APPROVED_UPGRADES Gets all the approved upgrade plans	CLI dcld query dclupgrade all-approved-upgrades GET /dcl/dclupgrade/approved-upgrades
GET_ALL_REJECTED_UPGRADES Gets all the rejected upgrade plans	CLI dcld query dclupgrade all-rejected-upgrades GET /dcl/dclupgrade/rejected-upgrades
GET_UPGRADE_PLAN Gets the currently scheduled upgrade plan, if it exists	CLI dcld query upgrade plan GET /cosmos/upgrade/v1beta1/current_plan
GET_APPLIED_UPGRADE Gets header block at which the upgrade was applied	CLI dcld query upgrade applied <name> GET /cosmos/upgrade/v1beta1/applied_plan/{name}
GET_MODULE_VERSIONS Gets a list of module names and their respective consensus versions	CLI dcld query upgrade module_versions GET /cosmos/upgrade/v1beta1/module_versions

Extensions

Sign

Sign transaction by the given key.

• Parameters:
  • txn - transaction to sign.
  • from - name or address of private key to use to sign.
  • account-number - (optional) the account number of the signing account.
  • sequence - (optional) the sequence number of the signing account.
  • chain-id - (optional) chain ID.
• CLI command:
  • dcld tx sign [path-to-txn-file] --from [address]

Note: if account_number and sequence are not specified they will be fetched from the ledger automatically.

Broadcast

Broadcast transaction to the ledger.

• Parameters:
  • txn - transaction to broadcast
• CLI command:
  • dcld tx broadcast [path-to-txn-file]
• REST API:
  • POST /cosmos/tx/v1beta1/txs

Status

Query status of a node.

• Parameters:
  • node: optional(string) - node physical address to query (by default queries the node specified in CLI config file or else "tcp://localhost:26657")
• CLI command:
  • dcld status [--node=<node ip>]
• REST API:
  • GET /cosmos/base/tendermint/v1beta1/node_info

Validator set

Get the list of tendermint validators participating in the consensus at given height.

• Parameters:
  • height: optional(uint) - height to query (the latest by default)
• CLI command:
  • dcld query tendermint-validator-set [height]
• REST API:
  • GET /cosmos/base/tendermint/v1beta1/validatorsets/latest
  • GET /cosmos/base/tendermint/v1beta1/validatorsets/{height}

Keys

The set of CLI commands that allows you to manage your local keystore.

Commands:

• Derive a new private key and encrypt to disk.

  You will be prompted to create an encryption passphrase. This passphrase will be requested each time you send write transactions on the ledger using this key. You can remember and securely save the mnemonic phrase shown after the key is created to be able to recover the key later.

  Command: dcld keys add <key name>

  Example: dcld keys add jack

• Recover existing key instead of creating a new one.

  The key can be recovered from a seed obtained from the mnemonic passphrase (see the previous command). You will be prompted to create an encryption passphrase and enter the seed's mnemonic. This passphrase will be requested each time you send write transactions on the ledger using this key.

  Command: dcld keys add <key name> --recover

  Example: dcld keys add jack --recover

• Get a list of all stored public keys.

  Command: dcld keys list

  Example: dcld keys list

• Get details for a key.

  Command: dcld keys show <key name>

  Example: dcld keys show jack

• Export a key.

  A private key from the local keystore can be exported in ASCII-armored encrypted format. You will be prompted to enter the decryption passphrase for the key and
  to create an encryption passphrase for the exported key. The exported key can be stored to a file for import.

  Command: dcld keys export <key name>

  Example: dcld keys export jack

• Import a key.

  A key can be imported from the ASCII-armored encrypted format obtained by the export key command. You will be prompted to enter the decryption passphrase for the exported key which was used during the export process.

  Command: dcld keys import <key name> <key file>

  Example: dcld keys import jack jack_exported_priv_key_file