refac add_cert (!230)

* review poka complete comment * review poka remove fixme tests * update metadata after rebase * I do not know why these tests did not run locally * update membership weights * fix benchmarks also with true runtime * fix tests * update runtime * update benchmarks * split add and renew cert remove issuer in add_cert and more refac the code compiles * clean up errors and mini refac

refac add_cert (!230)
629c5b9d · Hugo Trentesaux · bb06959e · 629c5b9d · 629c5b9d · 629c5b9d
Commit 629c5b9d authored Jan 29, 2024 by Hugo Trentesaux
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -5971,6 +5971,7 @@ dependencies = [
 name = "pallet-certification"
 version = "3.0.0"
 dependencies = [
+ "duniter-primitives",
 "frame-benchmarking",
 "frame-support",
 "frame-system",
@@ -6125,6 +6126,7 @@ dependencies = [
 name = "pallet-identity"
 version = "3.0.0"
 dependencies = [
+ "duniter-primitives",
 "frame-benchmarking",
 "frame-support",
 "frame-system",

--- a/docs/api/runtime-calls.md
+++ b/docs/api/runtime-calls.md
@@ -13,7 +13,7 @@ through on-chain governance mechanisms.

 ## User calls

-There are **77** user calls from **21** pallets.
+There are **78** user calls from **21** pallets.

 ### Account - 1

@@ -21,7 +21,7 @@ There are **77** user calls from **21** pallets.

 <details><summary><code>unlink_identity()</code></summary>

-Taking 0.0076 % of a block.
+Taking 0.0082 % of a block.

 ```rust
 ```
@@ -36,7 +36,7 @@ unlink the identity associated with the account

 <details><summary><code>schedule(when, maybe_periodic, priority, call)</code></summary>

-Taking 0.0088 % of a block.
+Taking 0.0098 % of a block.

 ```rust
 when: T::BlockNumber
@@ -53,7 +53,7 @@ Anonymously schedule a task.

 <details><summary><code>cancel(when, index)</code></summary>

-Taking 0.0118 % of a block.
+Taking 0.0131 % of a block.

 ```rust
 when: T::BlockNumber
@@ -68,7 +68,7 @@ Cancel an anonymously scheduled task.

 <details><summary><code>schedule_named(id, when, maybe_periodic, priority, call)</code></summary>

-Taking 0.012 % of a block.
+Taking 0.0131 % of a block.

 ```rust
 id: TaskName
@@ -86,7 +86,7 @@ Schedule a named task.

 <details><summary><code>cancel_named(id)</code></summary>

-Taking 0.0123 % of a block.
+Taking 0.0137 % of a block.

 ```rust
 id: TaskName
@@ -157,7 +157,7 @@ be reported.

 <details><summary><code>transfer_allow_death(dest, value)</code></summary>

-Taking 0.0129 % of a block.
+Taking 0.0152 % of a block.

 ```rust
 dest: AccountIdLookupOf<T>
@@ -199,7 +199,7 @@ WARNING: This call is DEPRECATED! Use `force_set_balance` instead.

 <details><summary><code>transfer_keep_alive(dest, value)</code></summary>

-Taking 0.0119 % of a block.
+Taking 0.0168 % of a block.

 ```rust
 dest: AccountIdLookupOf<T>
@@ -219,7 +219,7 @@ kill the origin account.

 <details><summary><code>transfer_all(dest, keep_alive)</code></summary>

-Taking 0.0122 % of a block.
+Taking 0.0142 % of a block.

 ```rust
 dest: AccountIdLookupOf<T>
@@ -284,7 +284,7 @@ The dispatch origin for this call is `root`.

 <details><summary><code>create_oneshot_account(dest, value)</code></summary>

-Taking 0.0084 % of a block.
+Taking 0.0095 % of a block.

 ```rust
 dest: <T::Lookup as StaticLookup>::Source
@@ -304,7 +304,7 @@ Origin account is kept alive.

 <details><summary><code>consume_oneshot_account(block_height, dest)</code></summary>

-Taking 0.012 % of a block.
+Taking 0.0134 % of a block.

 ```rust
 block_height: T::BlockNumber
@@ -323,7 +323,7 @@ Consume a oneshot account and transfer its balance to an account

 <details><summary><code>consume_oneshot_account_with_remaining(block_height, dest, remaining_to, balance)</code></summary>

-Taking 0.0155 % of a block.
+Taking 0.0175 % of a block.

 ```rust
 block_height: T::BlockNumber
@@ -351,7 +351,7 @@ and the remaining amount to another account.

 <details><summary><code>invite_smith(receiver)</code></summary>

-Taking 0.0136 % of a block.
+Taking 0.0153 % of a block.

 ```rust
 receiver: T::IdtyIndex
@@ -365,7 +365,7 @@ Invite a WoT member to try becoming a Smith

 <details><summary><code>accept_invitation()</code></summary>

-Taking 0.0085 % of a block.
+Taking 0.0094 % of a block.

 ```rust
 ```
@@ -378,7 +378,7 @@ Accept an invitation (must have been invited first)

 <details><summary><code>certify_smith(receiver)</code></summary>

-Taking 0.0126 % of a block.
+Taking 0.0139 % of a block.

 ```rust
 receiver: T::IdtyIndex
@@ -394,7 +394,7 @@ Certify an invited smith which can lead the certified to become a Smith

 <details><summary><code>go_offline()</code></summary>

-Taking 0.0103 % of a block.
+Taking 0.0117 % of a block.

 ```rust
 ```
@@ -407,7 +407,7 @@ ask to leave the set of validators two sessions after

 <details><summary><code>go_online()</code></summary>

-Taking 0.0114 % of a block.
+Taking 0.0138 % of a block.

 ```rust
 ```
@@ -420,7 +420,7 @@ ask to join the set of validators two sessions after

 <details><summary><code>set_session_keys(keys)</code></summary>

-Taking 0.0142 % of a block.
+Taking 0.0177 % of a block.

 ```rust
 keys: T::Keys
@@ -434,7 +434,7 @@ declare new session keys to replace current ones

 <details><summary><code>remove_member_from_blacklist(member_id)</code></summary>

-Taking 0.0079 % of a block.
+Taking 0.0094 % of a block.

 ```rust
 member_id: T::MemberId
@@ -491,7 +491,7 @@ The weight of this call is defined by the caller.

 <details><summary><code>note_preimage(bytes)</code></summary>

-Taking 0.2804 % of a block.
+Taking 0.5042 % of a block.

 ```rust
 bytes: Vec<u8>
@@ -508,7 +508,7 @@ the preimage. Otherwise, a deposit is taken proportional to the size of the prei

 <details><summary><code>unnote_preimage(hash)</code></summary>

-Taking 0.0119 % of a block.
+Taking 0.0135 % of a block.

 ```rust
 hash: T::Hash
@@ -527,7 +527,7 @@ If `len` is provided, then it will be a much cheaper operation.

 <details><summary><code>request_preimage(hash)</code></summary>

-Taking 0.0085 % of a block.
+Taking 0.0092 % of a block.

 ```rust
 hash: T::Hash
@@ -544,7 +544,7 @@ a user may have paid, and take the control of the preimage out of their hands.

 <details><summary><code>unrequest_preimage(hash)</code></summary>

-Taking 0.0112 % of a block.
+Taking 0.0119 % of a block.

 ```rust
 hash: T::Hash
@@ -562,7 +562,7 @@ NOTE: THIS MUST NOT BE CALLED ON `hash` MORE TIMES THAN `request_preimage`.

 <details><summary><code>execute(proposal, length_bound)</code></summary>

-Taking 0.0056 % of a block.
+Taking 0.0061 % of a block.

 ```rust
 proposal: Box<<T as Config<I>>::Proposal>
@@ -614,7 +614,7 @@ or put up for voting.

 <details><summary><code>vote(proposal, index, approve)</code></summary>

-Taking 0.0088 % of a block.
+Taking 0.0104 % of a block.

 ```rust
 proposal: T::Hash
@@ -680,7 +680,7 @@ proposal.

 <details><summary><code>claim_uds()</code></summary>

-Taking 0.0131 % of a block.
+Taking 0.0146 % of a block.

 ```rust
 ```
@@ -693,7 +693,7 @@ Claim Universal Dividends

 <details><summary><code>transfer_ud(dest, value)</code></summary>

-Taking 0.0134 % of a block.
+Taking 0.0158 % of a block.

 ```rust
 dest: <T::Lookup as StaticLookup>::Source
@@ -708,7 +708,7 @@ Transfer some liquid free balance to another account, in milliUD.

 <details><summary><code>transfer_ud_keep_alive(dest, value)</code></summary>

-Taking 0.0125 % of a block.
+Taking 0.0144 % of a block.

 ```rust
 dest: <T::Lookup as StaticLookup>::Source
@@ -725,7 +725,7 @@ Transfer some liquid free balance to another account, in milliUD.

 <details><summary><code>create_identity(owner_key)</code></summary>

-Taking 0.0439 % of a block.
+Taking 0.0484 % of a block.

 ```rust
 owner_key: T::AccountId
@@ -743,7 +743,7 @@ The origin must be allowed to create an identity.

 <details><summary><code>confirm_identity(idty_name)</code></summary>

-Taking 0.0181 % of a block.
+Taking 0.0204 % of a block.

 ```rust
 idty_name: IdtyName
@@ -761,7 +761,7 @@ The identity must have been created using `create_identity` before it can be con

 <details><summary><code>change_owner_key(new_key, new_key_sig)</code></summary>

-Taking 0.0238 % of a block.
+Taking 0.0306 % of a block.

 ```rust
 new_key: T::AccountId
@@ -782,7 +782,7 @@ The origin should be the old identity owner key.

 <details><summary><code>revoke_identity(idty_index, revocation_key, revocation_sig)</code></summary>

-Taking 0.0227 % of a block.
+Taking 0.0293 % of a block.

 ```rust
 idty_index: T::IdtyIndex
@@ -805,7 +805,7 @@ Any signed origin can execute this call.

 <details><summary><code>fix_sufficients(owner_key, inc)</code></summary>

-Taking 0.0077 % of a block.
+Taking 0.0081 % of a block.

 ```rust
 owner_key: T::AccountId
@@ -820,7 +820,7 @@ change sufficient ref count for given key

 <details><summary><code>link_account(account_id, payload_sig)</code></summary>

-Taking 0.011 % of a block.
+Taking 0.0135 % of a block.

 ```rust
 account_id: T::AccountId
@@ -835,28 +835,37 @@ Link an account to an identity

 #### add_cert - 0

-<details><summary><code>add_cert(issuer, receiver)</code></summary>
+<details><summary><code>add_cert(receiver)</code></summary>

-Taking 0.019 % of a block.
+Taking 0.0214 % of a block.

 ```rust
-issuer: T::IdtyIndex
 receiver: T::IdtyIndex
 ```
 </details>


-Add a new certification or renew an existing one
+Add a new certification.
+
+#### renew_cert - 3
+
+<details><summary><code>renew_cert(receiver)</code></summary>

- `receiver`: the account receiving the certification from the origin
+Taking 0.018 % of a block.
+
+```rust
+receiver: T::IdtyIndex
+```
+</details>

-The origin must be allow to certify.
+
+Renew an existing certification.

 #### del_cert - 1

 <details><summary><code>del_cert(issuer, receiver)</code></summary>

-Taking 0.0153 % of a block.
+Taking 0.0155 % of a block.

 ```rust
 issuer: T::IdtyIndex
@@ -871,7 +880,7 @@ remove a certification (only root)

 <details><summary><code>remove_all_certs_received_by(idty_index)</code></summary>

-Taking 3.5004 % of a block.
+Taking 3.7485 % of a block.

 ```rust
 idty_index: T::IdtyIndex
@@ -887,7 +896,7 @@ remove all certifications received by an identity (only root)

 <details><summary><code>request_distance_evaluation()</code></summary>

-Taking 0.06 % of a block.
+Taking 0.0194 % of a block.

 ```rust
 ```
@@ -902,7 +911,7 @@ negative evaluation will result in slash for caller

 <details><summary><code>request_distance_evaluation_for(target)</code></summary>

-Taking 0.0805 % of a block.
+Taking 0.0199 % of a block.

 ```rust
 target: T::IdtyIndex
@@ -917,7 +926,7 @@ only possible for unvalidated identity

 <details><summary><code>update_evaluation(computation_result)</code></summary>

-Taking 0.0914 % of a block.
+Taking 0.0214 % of a block.

 ```rust
 computation_result: ComputationResult
@@ -932,7 +941,7 @@ this is called internally by validators (= inherent)

 <details><summary><code>force_update_evaluation(evaluator, computation_result)</code></summary>

-Taking 0.0759 % of a block.
+Taking 0.014 % of a block.

 ```rust
 evaluator: <T as frame_system::Config>::AccountId
@@ -947,7 +956,7 @@ Force push an evaluation result to the pool

 <details><summary><code>force_valid_distance_status(identity)</code></summary>

-Taking 0.074 % of a block.
+Taking 0.0173 % of a block.

 ```rust
 identity: <T as pallet_identity::Config>::IdtyIndex
@@ -1034,7 +1043,7 @@ The dispatch origin for this call must be _Signed_.

 <details><summary><code>as_multi_threshold_1(other_signatories, call)</code></summary>

-Taking 0.0049 % of a block.
+Taking 0.0054 % of a block.

 ```rust
 other_signatories: Vec<T::AccountId>
@@ -1163,7 +1172,7 @@ NOTE: If this is the final approval, you will want to use `as_multi` instead.

 <details><summary><code>cancel_as_multi(threshold, other_signatories, timepoint, call_hash)</code></summary>

-Taking 0.0088 % of a block.
+Taking 0.0103 % of a block.

 ```rust
 threshold: u16
@@ -1202,7 +1211,7 @@ transaction for this dispatch.

 <details><summary><code>request(randomness_type, salt)</code></summary>

-Taking 0.0191 % of a block.
+Taking 0.0224 % of a block.

 ```rust
 randomness_type: RandomnessType
@@ -1219,7 +1228,7 @@ Request a randomness

 <details><summary><code>proxy(real, force_proxy_type, call)</code></summary>

-Taking 0.0055 % of a block.
+Taking 0.0064 % of a block.

 ```rust
 real: AccountIdLookupOf<T>
@@ -1243,7 +1252,7 @@ Parameters:

 <details><summary><code>add_proxy(delegate, proxy_type, delay)</code></summary>

-Taking 0.0085 % of a block.
+Taking 0.0098 % of a block.

 ```rust
 delegate: AccountIdLookupOf<T>
@@ -1267,7 +1276,7 @@ zero.

 <details><summary><code>remove_proxy(delegate, proxy_type, delay)</code></summary>

-Taking 0.0085 % of a block.
+Taking 0.0101 % of a block.

 ```rust
 delegate: AccountIdLookupOf<T>
@@ -1289,7 +1298,7 @@ Parameters:

 <details><summary><code>remove_proxies()</code></summary>

-Taking 0.0084 % of a block.
+Taking 0.0098 % of a block.

 ```rust
 ```
@@ -1307,7 +1316,7 @@ the unreserved fees will be inaccessible. **All access to this account will be l

 <details><summary><code>create_pure(proxy_type, delay, index)</code></summary>

-Taking 0.0085 % of a block.
+Taking 0.0109 % of a block.

 ```rust
 proxy_type: T::ProxyType
@@ -1340,7 +1349,7 @@ Fails if there are insufficient funds to pay for deposit.

 <details><summary><code>kill_pure(spawner, proxy_type, index, height, ext_index)</code></summary>

-Taking 0.0084 % of a block.
+Taking 0.0094 % of a block.

 ```rust
 spawner: AccountIdLookupOf<T>
@@ -1373,7 +1382,7 @@ account whose `pure` call has corresponding parameters.

 <details><summary><code>announce(real, call_hash)</code></summary>

-Taking 0.0123 % of a block.
+Taking 0.0138 % of a block.

 ```rust
 real: AccountIdLookupOf<T>
@@ -1402,7 +1411,7 @@ Parameters:

 <details><summary><code>remove_announcement(real, call_hash)</code></summary>

-Taking 0.0116 % of a block.
+Taking 0.0126 % of a block.

 ```rust
 real: AccountIdLookupOf<T>
@@ -1426,7 +1435,7 @@ Parameters:

 <details><summary><code>reject_announcement(delegate, call_hash)</code></summary>

-Taking 0.0116 % of a block.
+Taking 0.0128 % of a block.

 ```rust
 delegate: AccountIdLookupOf<T>
@@ -1450,7 +1459,7 @@ Parameters:

 <details><summary><code>proxy_announced(delegate, real, force_proxy_type, call)</code></summary>

-Taking 0.0125 % of a block.
+Taking 0.0155 % of a block.

 ```rust
 delegate: AccountIdLookupOf<T>
@@ -1479,7 +1488,7 @@ Parameters:

 <details><summary><code>batch(calls)</code></summary>

-Taking 0.1825 % of a block.
+Taking 0.2737 % of a block.

 ```rust
 calls: Vec<<T as Config>::RuntimeCall>
@@ -1510,7 +1519,7 @@ event is deposited.

 <details><summary><code>as_derivative(index, call)</code></summary>

-Taking 0.0046 % of a block.
+Taking 0.0049 % of a block.

 ```rust
 index: u16
@@ -1537,7 +1546,7 @@ The dispatch origin for this call must be _Signed_.

 <details><summary><code>batch_all(calls)</code></summary>

-Taking 0.1899 % of a block.
+Taking 0.2944 % of a block.

 ```rust
 calls: Vec<<T as Config>::RuntimeCall>
@@ -1563,7 +1572,7 @@ includes bypassing `frame_system::Config::BaseCallFilter`).

 <details><summary><code>force_batch(calls)</code></summary>

-Taking 0.1833 % of a block.
+Taking 0.3113 % of a block.

 ```rust
 calls: Vec<<T as Config>::RuntimeCall>
@@ -1611,7 +1620,7 @@ The dispatch origin for this call must be _Root_.

 <details><summary><code>propose_spend(value, beneficiary)</code></summary>

-Taking 0.0111 % of a block.
+Taking 0.0119 % of a block.

 ```rust
 value: BalanceOf<T, I>
@@ -1653,7 +1662,7 @@ beneficiary.

 <details><summary><code>remove_approval(proposal_id)</code></summary>

-Taking 0.0077 % of a block.
+Taking 0.0079 % of a block.

 ```rust
 proposal_id: ProposalIndex
@@ -1687,7 +1696,7 @@ There are **15** root calls from **8** pallets.

 <details><summary><code>set_heap_pages(pages)</code></summary>

-Taking 0.0101 % of a block.
+Taking 0.0105 % of a block.

 ```rust
 pages: u64
@@ -1735,7 +1744,7 @@ Set the new runtime code without doing any checks of the given `code`.

 <details><summary><code>set_storage(items)</code></summary>

-Taking 2.6239 % of a block.
+Taking 2.6599 % of a block.

 ```rust
 items: Vec<KeyValue>
@@ -1749,7 +1758,7 @@ Set some items of storage.

 <details><summary><code>kill_storage(keys)</code></summary>

-Taking 2.6145 % of a block.
+Taking 2.6329 % of a block.

 ```rust
 keys: Vec<Key>
@@ -1763,7 +1772,7 @@ Kill some items from storage.

 <details><summary><code>kill_prefix(prefix, subkeys)</code></summary>

-Taking 3.0011 % of a block.
+Taking 3.0283 % of a block.

 ```rust
 prefix: Key
@@ -1802,7 +1811,7 @@ not been enacted yet.

 <details><summary><code>force_transfer(source, dest, value)</code></summary>

-Taking 0.0157 % of a block.
+Taking 0.0242 % of a block.

 ```rust
 source: AccountIdLookupOf<T>
@@ -1819,7 +1828,7 @@ may be specified.

 <details><summary><code>force_unreserve(who, amount)</code></summary>

-Taking 0.0081 % of a block.
+Taking 0.0096 % of a block.

 ```rust
 who: AccountIdLookupOf<T>
@@ -1838,7 +1847,7 @@ Can only be called by ROOT.

 <details><summary><code>remove_member(member_id)</code></summary>

-Taking 0.0345 % of a block.
+Taking 0.0366 % of a block.

 ```rust
 member_id: T::MemberId
@@ -1882,7 +1891,7 @@ Only callable by root.

 <details><summary><code>set_members(new_members, prime, old_count)</code></summary>

-Taking 0.0823 % of a block.
+Taking 0.0868 % of a block.

 ```rust
 new_members: Vec<T::AccountId>
@@ -1921,7 +1930,7 @@ with other logic managing the member set.

 <details><summary><code>disapprove_proposal(proposal_hash)</code></summary>

-Taking 0.0134 % of a block.
+Taking 0.014 % of a block.

 ```rust
 proposal_hash: T::Hash
@@ -1946,7 +1955,7 @@ O(P) where P is the number of max proposals

 <details><summary><code>prune_item_identities_names(names)</code></summary>

-Taking 2.6583 % of a block.
+Taking 2.6984 % of a block.

 ```rust
 names: Vec<IdtyName>
@@ -1962,7 +1971,7 @@ remove identity names from storage

 <details><summary><code>dispatch_as(as_origin, call)</code></summary>

-Taking 0.0048 % of a block.
+Taking 0.0059 % of a block.

 ```rust
 as_origin: Box<T::PalletsOrigin>
@@ -1993,7 +2002,7 @@ There are **4** disabled calls from **2** pallets.

 <details><summary><code>remark(remark)</code></summary>

-Taking 0.0544 % of a block.
+Taking 0.0955 % of a block.

 ```rust
 remark: Vec<u8>
@@ -2010,7 +2019,7 @@ Make some on-chain remark.

 <details><summary><code>remark_with_event(remark)</code></summary>

-Taking 0.2043 % of a block.
+Taking 0.3514 % of a block.

 ```rust
 remark: Vec<u8>
@@ -2026,7 +2035,7 @@ Make some on-chain remark and emit event.

 <details><summary><code>set_keys(keys, proof)</code></summary>

-Taking 0.0204 % of a block.
+Taking 0.0212 % of a block.

 ```rust
 keys: T::Keys
@@ -2049,7 +2058,7 @@ The dispatch origin of this function must be signed.

 <details><summary><code>purge_keys()</code></summary>

-Taking 0.0185 % of a block.
+Taking 0.0189 % of a block.

 ```rust
 ```

--- a/docs/api/runtime-errors.md
+++ b/docs/api/runtime-errors.md
 # Runtime errors

-There are **176** errors from **35** pallets.
+There are **174** errors from **35** pallets.

 <ul>
 <li>System - 0
@@ -814,119 +814,105 @@ Identity already created.
 <li>
 <details>
 <summary>
-<code>IdtyAlreadyValidated</code> - 2</summary>
-Identity already validated.
-</details>
-</li>
-<li>
-<details>
-<summary>
-<code>IdtyIndexNotFound</code> - 3</summary>
+<code>IdtyIndexNotFound</code> - 2</summary>
 Identity index not found.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IdtyNameAlreadyExist</code> - 4</summary>
+<code>IdtyNameAlreadyExist</code> - 3</summary>
 Identity name already exists.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IdtyNameInvalid</code> - 5</summary>
+<code>IdtyNameInvalid</code> - 4</summary>
 Invalid identity name.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IdtyNotConfirmed</code> - 6</summary>
-Identity not confirmed by its owner.
-</details>
-</li>
-<li>
-<details>
-<summary>
-<code>IdtyNotFound</code> - 7</summary>
+<code>IdtyNotFound</code> - 5</summary>
 Identity not found.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>InvalidSignature</code> - 8</summary>
+<code>InvalidSignature</code> - 6</summary>
 Invalid payload signature.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>InvalidRevocationKey</code> - 9</summary>
+<code>InvalidRevocationKey</code> - 7</summary>
 Invalid revocation key.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IssuerNotMember</code> - 10</summary>
+<code>IssuerNotMember</code> - 8</summary>
 Issuer is not member and can not perform this action.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>NotRespectIdtyCreationPeriod</code> - 11</summary>
+<code>NotRespectIdtyCreationPeriod</code> - 9</summary>
 Identity creation period is not respected.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>OwnerKeyAlreadyRecentlyChanged</code> - 12</summary>
+<code>OwnerKeyAlreadyRecentlyChanged</code> - 10</summary>
 Owner key already changed recently.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>OwnerKeyAlreadyUsed</code> - 13</summary>
+<code>OwnerKeyAlreadyUsed</code> - 11</summary>
 Owner key already used.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>ProhibitedToRevertToAnOldKey</code> - 14</summary>
+<code>ProhibitedToRevertToAnOldKey</code> - 12</summary>
 Reverting to an old key is prohibited.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>AlreadyRevoked</code> - 15</summary>
+<code>AlreadyRevoked</code> - 13</summary>
 Already revoked.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>CanNotRevokeUnconfirmed</code> - 16</summary>
+<code>CanNotRevokeUnconfirmed</code> - 14</summary>
 Can not revoke identity that never was member.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>CanNotRevokeUnvalidated</code> - 17</summary>
+<code>CanNotRevokeUnvalidated</code> - 15</summary>
 Can not revoke identity that never was member.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>AccountNotExist</code> - 18</summary>
+<code>AccountNotExist</code> - 16</summary>
 Cannot link to an inexisting account.
 </details>
 </li>
@@ -937,68 +923,68 @@ Cannot link to an inexisting account.
 <li>
 <details>
 <summary>
-<code>IdtyIdNotFound</code> - 0</summary>
-Identity ID not found.
+<code>MembershipNotFound</code> - 0</summary>
+Membership not found, can not renew.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>MembershipAlreadyAcquired</code> - 1</summary>
-Membership already acquired.
+<code>AlreadyMember</code> - 1</summary>
+Already member, can not add membership.
 </details>
 </li>
+</ul>
+</li>
+<li>Certification - 43
+<ul>
 <li>
 <details>
 <summary>
-<code>MembershipNotFound</code> - 2</summary>
-Membership not found.
+<code>OriginMustHaveAnIdentity</code> - 0</summary>
+Issuer of a certification must have an identity
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>AlreadyMember</code> - 3</summary>
-Already member, can not claim membership.
+<code>CannotCertifySelf</code> - 1</summary>
+Identity cannot certify itself.
 </details>
 </li>
-</ul>
-</li>
-<li>Certification - 43
-<ul>
 <li>
 <details>
 <summary>
-<code>CannotCertifySelf</code> - 0</summary>
-Identity cannot certify itself.
+<code>IssuedTooManyCert</code> - 2</summary>
+Identity has already issued the maximum number of certifications.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IssuedTooManyCert</code> - 1</summary>
-Identity has already issued the maximum number of certifications.
+<code>NotEnoughCertReceived</code> - 3</summary>
+Insufficient certifications received.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>IssuerNotFound</code> - 2</summary>
-Issuer not found.
+<code>NotRespectCertPeriod</code> - 4</summary>
+Identity has issued a certification too recently.
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>NotEnoughCertReceived</code> - 3</summary>
-Insufficient certifications received.
+<code>CertAlreadyExists</code> - 5</summary>
+Can not add an already-existing cert
 </details>
 </li>
 <li>
 <details>
 <summary>
-<code>NotRespectCertPeriod</code> - 4</summary>
-Identity has issued a certification too recently.
+<code>CertDoesNotExist</code> - 6</summary>
+Can not renew a non-existing cert
 </details>
 </li>
 </ul>

--- a/end2end-tests/tests/common/cert.rs
+++ b/end2end-tests/tests/common/cert.rs
@@ -25,7 +25,7 @@ pub async fn certify(client: &Client, from: AccountKeyring, to: AccountKeyring)
    let from = from.to_account_id();
    let to = to.to_account_id();

-    let issuer_index = client
+    let _issuer_index = client
        .storage()
        .at_latest()
        .await
@@ -51,9 +51,7 @@ pub async fn certify(client: &Client, from: AccountKeyring, to: AccountKeyring)
        client
            .tx()
            .create_signed(
-                &gdev::tx()
-                    .certification()
-                    .add_cert(issuer_index, receiver_index),
+                &gdev::tx().certification().add_cert(receiver_index),
                &signer,
                BaseExtrinsicParamsBuilder::new(),
            )

--- a/pallets/certification/Cargo.toml
+++ b/pallets/certification/Cargo.toml
@@ -25,6 +25,7 @@ std = [
 try-runtime = ['frame-support/try-runtime']

 [dependencies]
+duniter-primitives = { path = "../../primitives/duniter", default-features = false }

 # substrate
 scale-info = { version = "2.1.1", default-features = false, features = ["derive"] }

--- a/pallets/certification/src/benchmarking.rs
+++ b/pallets/certification/src/benchmarking.rs
@@ -21,7 +21,6 @@ use super::*;
 use frame_benchmarking::benchmarks;
 use frame_benchmarking::Zero;
 use frame_system::RawOrigin;
-use sp_runtime::traits::Convert;

 #[cfg(test)]
 use maplit::btreemap;
@@ -51,27 +50,47 @@ benchmarks! {
    }
    add_cert {
        let issuer: T::IdtyIndex = 1.into();
-        let caller: T::AccountId  = T::OwnerKeyOf::convert(issuer).unwrap();
+        let caller: T::AccountId  = T::IdtyAttr::owner_key(issuer).unwrap();
        let caller_origin: <T as frame_system::Config>::RuntimeOrigin = RawOrigin::Signed(caller.clone()).into();
        let receiver: T::IdtyIndex = 2.into();
        Pallet::<T>::del_cert(RawOrigin::Root.into(), issuer, receiver)?;
        let issuer_cert: u32 = StorageIdtyCertMeta::<T>::get(issuer).issued_count;
        let receiver_cert: u32 = StorageIdtyCertMeta::<T>::get(receiver).received_count;
        frame_system::pallet::Pallet::<T>::set_block_number(T::CertPeriod::get());
-    }: _<T::RuntimeOrigin>(caller_origin, issuer, receiver)
+    }: _<T::RuntimeOrigin>(caller_origin, receiver)
    verify {
        assert_has_event::<T>(Event::<T>::CertAdded{ issuer, receiver }.into());
    }
+
+    renew_cert {
+        let issuer: T::IdtyIndex = 1.into();
+        let caller: T::AccountId  = T::IdtyAttr::owner_key(issuer).unwrap();
+        let caller_origin: <T as frame_system::Config>::RuntimeOrigin = RawOrigin::Signed(caller.clone()).into();
+        let receiver: T::IdtyIndex = 2.into();
+        Pallet::<T>::del_cert(RawOrigin::Root.into(), issuer, receiver)?;
+        let issuer_cert: u32 = StorageIdtyCertMeta::<T>::get(issuer).issued_count;
+        let receiver_cert: u32 = StorageIdtyCertMeta::<T>::get(receiver).received_count;
+        frame_system::pallet::Pallet::<T>::set_block_number(T::CertPeriod::get());
+        Pallet::<T>::add_cert(caller_origin.clone(), receiver)?;
+        frame_system::pallet::Pallet::<T>::set_block_number(T::CertPeriod::get() + T::CertPeriod::get());
+    }: _<T::RuntimeOrigin>(caller_origin, receiver)
+    verify {
+        assert_has_event::<T>(Event::<T>::CertAdded{ issuer, receiver }.into());
+    }
+
    del_cert {
        let issuer: T::IdtyIndex = 1.into();
-        let receiver: T::IdtyIndex = 0.into();
-        Pallet::<T>::do_add_cert_checked(issuer, receiver, false)?;
+        let receiver: T::IdtyIndex = 2.into();
+        // try to add cert if missing, else ignore
+        // this depends on initial data
+        let _ = Pallet::<T>::do_add_cert_checked(issuer, receiver, false);
        let receiver_cert: u32 = StorageIdtyCertMeta::<T>::get(receiver).received_count;
        let issuer_cert: u32 = StorageIdtyCertMeta::<T>::get(issuer).issued_count;
    }: _<T::RuntimeOrigin>(RawOrigin::Root.into(), issuer, receiver)
    verify {
        assert_has_event::<T>(Event::<T>::CertRemoved{ issuer,  receiver, expiration: false }.into());
    }
+
    remove_all_certs_received_by {
        let receiver: T::IdtyIndex = 0.into();
        let i in 2..1000 => add_certs::<T>(i, receiver)?;
@@ -79,14 +98,18 @@ benchmarks! {
    verify {
        assert!(CertsByReceiver::<T>::get(receiver).is_empty() );
    }
+
    on_initialize {
        assert!(CertsRemovableOn::<T>::try_get(T::BlockNumber::zero()).is_err());
    }: {Pallet::<T>::on_initialize(T::BlockNumber::zero());}
+
    do_remove_cert_noop {
    }: {Pallet::<T>::do_remove_cert(100.into(), 101.into(), Some(T::BlockNumber::zero()));}
+
    do_remove_cert {
        let issuer: T::IdtyIndex = 1.into();
        let receiver: T::IdtyIndex = 0.into();
+        Pallet::<T>::do_remove_cert(issuer, receiver, None);
        Pallet::<T>::do_add_cert_checked(issuer, receiver, false)?;
        let issuer_cert: u32 = StorageIdtyCertMeta::<T>::get(issuer).issued_count;
        let receiver_cert: u32 = StorageIdtyCertMeta::<T>::get(receiver).received_count;

--- a/pallets/certification/src/lib.rs
+++ b/pallets/certification/src/lib.rs
@@ -35,6 +35,7 @@ pub use weights::WeightInfo;

 use crate::traits::*;
 use codec::Codec;
+use duniter_primitives::Idty;
 use frame_support::pallet_prelude::*;
 use frame_support::traits::StorageVersion;
 use sp_runtime::traits::AtLeast32BitUnsigned;
@@ -44,7 +45,7 @@ use sp_std::{fmt::Debug, vec::Vec};
 pub mod pallet {
    use super::*;
    use frame_system::pallet_prelude::*;
-    use sp_runtime::traits::{Convert, Saturating};
+    use sp_runtime::traits::Saturating;
    use sp_std::collections::btree_map::BTreeMap;

    /// The current storage version.
@@ -70,8 +71,8 @@ pub mod pallet {
            + MaybeSerializeDeserialize
            + Debug
            + MaxEncodedLen;
-        /// Something that give the owner key of an identity.
-        type OwnerKeyOf: Convert<Self::IdtyIndex, Option<Self::AccountId>>;
+        /// Something that gives the IdtyId of an AccountId and reverse
+        type IdtyAttr: duniter_primitives::Idty<Self::IdtyIndex, Self::AccountId>;
        /// Provide method to check that cert is allowed.
        type CheckCertAllowed: CheckCertAllowed<Self::IdtyIndex>;
        #[pallet::constant]
@@ -244,16 +245,20 @@ pub mod pallet {

    #[pallet::error]
    pub enum Error<T> {
+        /// Issuer of a certification must have an identity
+        OriginMustHaveAnIdentity,
        /// Identity cannot certify itself.
        CannotCertifySelf,
        /// Identity has already issued the maximum number of certifications.
        IssuedTooManyCert,
-        /// Issuer not found.
-        IssuerNotFound,
        /// Insufficient certifications received.
        NotEnoughCertReceived,
        /// Identity has issued a certification too recently.
        NotRespectCertPeriod,
+        /// Can not add an already-existing cert
+        CertAlreadyExists,
+        /// Can not renew a non-existing cert
+        CertDoesNotExist,
    }

    #[pallet::hooks]
@@ -267,29 +272,31 @@ pub mod pallet {

    #[pallet::call]
    impl<T: Config> Pallet<T> {
-        /// Add a new certification or renew an existing one
-        ///
-        /// - `receiver`: the account receiving the certification from the origin
-        ///
-        /// The origin must be allow to certify.
+        /// Add a new certification.
        #[pallet::call_index(0)]
        #[pallet::weight(T::WeightInfo::add_cert())]
        pub fn add_cert(
            origin: OriginFor<T>,
-            issuer: T::IdtyIndex,
            receiver: T::IdtyIndex,
        ) -> DispatchResultWithPostInfo {
-            let who = ensure_signed(origin)?;
-
-            // Verify caller ownership
-            let issuer_owner_key =
-                T::OwnerKeyOf::convert(issuer).ok_or(Error::<T>::IssuerNotFound)?;
-            ensure!(issuer_owner_key == who, DispatchError::BadOrigin);
-
+            let issuer = Self::origin_to_index(origin)?;
            let block_number = frame_system::pallet::Pallet::<T>::block_number();
            Self::check_add_cert(issuer, receiver, block_number)?;
-            Self::do_add_cert(block_number, issuer, receiver);
+            Self::try_add_cert(block_number, issuer, receiver)?;
+            Ok(().into())
+        }

+        /// Renew an existing certification.
+        #[pallet::call_index(3)]
+        #[pallet::weight(T::WeightInfo::renew_cert())]
+        pub fn renew_cert(
+            origin: OriginFor<T>,
+            receiver: T::IdtyIndex,
+        ) -> DispatchResultWithPostInfo {
+            let issuer = Self::origin_to_index(origin)?;
+            let block_number = frame_system::pallet::Pallet::<T>::block_number();
+            Self::check_renew_cert(issuer, receiver, block_number)?;
+            Self::try_renew_cert(block_number, issuer, receiver)?;
            Ok(().into())
        }

@@ -324,7 +331,14 @@ pub mod pallet {
    // INTERNAL FUNCTIONS //

    impl<T: Config> Pallet<T> {
+        /// get issuer index from origin
+        pub fn origin_to_index(origin: OriginFor<T>) -> Result<T::IdtyIndex, DispatchError> {
+            let who = ensure_signed(origin)?;
+            T::IdtyAttr::idty_index(who).ok_or(Error::<T>::OriginMustHaveAnIdentity.into())
+        }
+
        /// add a certification without checks
+        // this is used on identity creation to add the first certification
        pub fn do_add_cert_checked(
            issuer: T::IdtyIndex,
            receiver: T::IdtyIndex,
@@ -337,42 +351,41 @@ pub mod pallet {
                Self::check_add_cert_internal(issuer, receiver, block_number)?;
            };

-            Self::do_add_cert(block_number, issuer, receiver);
+            Self::try_add_cert(block_number, issuer, receiver)?;

            Ok(().into())
        }

-        /// perform cert addition or renewal
-        fn do_add_cert(block_number: T::BlockNumber, issuer: T::IdtyIndex, receiver: T::IdtyIndex) {
+        /// perform cert addition if not existing, else CertAlreadyExists
+        // must be transactional
+        fn try_add_cert(
+            block_number: T::BlockNumber,
+            issuer: T::IdtyIndex,
+            receiver: T::IdtyIndex,
+        ) -> DispatchResultWithPostInfo {
            // Write CertsRemovableOn
            let removable_on = block_number + T::ValidityPeriod::get();
            <CertsRemovableOn<T>>::append(removable_on, (issuer, receiver));

            // Write CertsByReceiver
-            let mut created = false;
            CertsByReceiver::<T>::mutate_exists(receiver, |maybe_issuers| {
                let issuers = maybe_issuers.get_or_insert(Vec::with_capacity(0));
-                match issuers.binary_search_by(|(issuer_, _)| issuer_.cmp(&issuer)) {
-                    // cert exists, must be renewed
-                    Ok(index) => {
-                        issuers[index] = (issuer, removable_on);
-                    }
                // cert does not exist, must be created
-                    Err(index) => {
+                if let Err(index) = issuers.binary_search_by(|(issuer_, _)| issuer_.cmp(&issuer)) {
                    issuers.insert(index, (issuer, removable_on));
-                        created = true;
-                    }
+                    Ok(())
+                } else {
+                    // cert exists, must be renewed instead
+                    Err(Error::<T>::CertAlreadyExists)
                }
-            });
+            })?;

-            if created {
            // Write StorageIdtyCertMeta for issuer
            let issuer_issued_count =
                StorageIdtyCertMeta::<T>::mutate(issuer, |issuer_idty_cert_meta| {
                    issuer_idty_cert_meta.issued_count =
                        issuer_idty_cert_meta.issued_count.saturating_add(1);
-                        issuer_idty_cert_meta.next_issuable_on =
-                            block_number + T::CertPeriod::get();
+                    issuer_idty_cert_meta.next_issuable_on = block_number + T::CertPeriod::get();
                    issuer_idty_cert_meta.issued_count
                });

@@ -392,14 +405,39 @@ pub mod pallet {
                receiver,
                receiver_received_count,
            );
+            Ok(().into())
+        }
+
+        /// perform cert renewal if exisiting, else error with CertDoesNotExist
+        // must be used in transactional context
+        // (it can fail if certification does not exist after having modified state)
+        fn try_renew_cert(
+            block_number: T::BlockNumber,
+            issuer: T::IdtyIndex,
+            receiver: T::IdtyIndex,
+        ) -> DispatchResultWithPostInfo {
+            // Write CertsRemovableOn
+            let removable_on = block_number + T::ValidityPeriod::get();
+            <CertsRemovableOn<T>>::append(removable_on, (issuer, receiver));
+            // Write CertsByReceiver
+            CertsByReceiver::<T>::mutate_exists(receiver, |maybe_issuers| {
+                let issuers = maybe_issuers.get_or_insert(Vec::with_capacity(0));
+                // cert exists, can be renewed
+                if let Ok(index) = issuers.binary_search_by(|(issuer_, _)| issuer_.cmp(&issuer)) {
+                    issuers[index] = (issuer, removable_on);
+                    Ok(())
                } else {
+                    // cert does not exist, must be created
+                    Err(Error::<T>::CertDoesNotExist)
+                }
+            })?;
            // Update next_issuable_on in StorageIdtyCertMeta for issuer
            StorageIdtyCertMeta::<T>::mutate(issuer, |issuer_idty_cert_meta| {
                issuer_idty_cert_meta.next_issuable_on = block_number + T::CertPeriod::get();
            });
            // emit CertRenewed event
            Self::deposit_event(Event::CertRenewed { issuer, receiver });
-            };
+            Ok(().into())
        }

        /// remove the certifications due to expire on the given block
@@ -419,6 +457,7 @@ pub mod pallet {

        /// perform the certification removal
        /// if block number is given only remove cert if still set to expire at this block number
+        // this is used because cert expiry unscheduling is not done (#110)
        pub fn do_remove_cert(
            issuer: T::IdtyIndex,
            receiver: T::IdtyIndex,
@@ -535,6 +574,17 @@ pub mod pallet {

            Ok(())
        }
+
+        /// check renew cert allowed
+        fn check_renew_cert(
+            issuer: T::IdtyIndex,
+            receiver: T::IdtyIndex,
+            block_number: T::BlockNumber,
+        ) -> DispatchResult {
+            Self::check_add_cert_internal(issuer, receiver, block_number)?;
+            T::CheckCertAllowed::check_cert_allowed(issuer, receiver)?;
+            Ok(())
+        }
    }
 }


--- a/pallets/certification/src/mock.rs
+++ b/pallets/certification/src/mock.rs
@@ -87,7 +87,7 @@ parameter_types! {
 impl pallet_certification::Config for Test {
    type CertPeriod = CertPeriod;
    type IdtyIndex = IdtyIndex;
-    type OwnerKeyOf = sp_runtime::traits::ConvertInto;
+    type IdtyAttr = ();
    type CheckCertAllowed = ();
    type MaxByIssuer = MaxByIssuer;
    type MinReceivedCertToBeAbleToIssueCert = MinReceivedCertToBeAbleToIssueCert;

--- a/pallets/certification/src/tests.rs
+++ b/pallets/certification/src/tests.rs
@@ -28,7 +28,7 @@ fn test_must_receive_cert_before_can_issue() {
    })
    .execute_with(|| {
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 0, 1),
+            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 1),
            Err(Error::<Test>::NotEnoughCertReceived.into())
        );
    });
@@ -49,7 +49,7 @@ fn test_cannot_certify_self() {
        run_to_block(2);

        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 0, 0),
+            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 0),
            Err(Error::<Test>::CannotCertifySelf.into())
        );
    });
@@ -151,26 +151,18 @@ fn test_cert_period() {
            }
        );
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 0, 3),
+            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 3),
            Err(Error::<Test>::NotRespectCertPeriod.into())
        );
        run_to_block(CertPeriod::get());
-        assert_ok!(DefaultCertification::add_cert(
-            RuntimeOrigin::signed(0),
-            0,
-            3
-        ));
+        assert_ok!(DefaultCertification::add_cert(RuntimeOrigin::signed(0), 3));
        run_to_block(CertPeriod::get() + 1);
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 0, 4),
+            DefaultCertification::add_cert(RuntimeOrigin::signed(0), 4),
            Err(Error::<Test>::NotRespectCertPeriod.into())
        );
        run_to_block((2 * CertPeriod::get()) + 1);
-        assert_ok!(DefaultCertification::add_cert(
-            RuntimeOrigin::signed(0),
-            0,
-            4
-        ));
+        assert_ok!(DefaultCertification::add_cert(RuntimeOrigin::signed(0), 4));
    });
 }

@@ -236,7 +228,7 @@ fn test_cert_renewal() {
        // renew certification from bob to alice
        // this certification should expire 10 blocks later (at block 12)
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 1, 0),
+            DefaultCertification::renew_cert(RuntimeOrigin::signed(1), 0),
            Ok(().into())
        );
        System::assert_last_event(RuntimeEvent::DefaultCertification(Event::CertRenewed {
@@ -278,7 +270,7 @@ fn test_cert_renewal_cert_delay() {
        run_to_block(2);
        // renew certification from bob to alice
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 1, 0),
+            DefaultCertification::renew_cert(RuntimeOrigin::signed(1), 0),
            Ok(().into())
        );
        System::assert_last_event(RuntimeEvent::DefaultCertification(Event::CertRenewed {
@@ -289,7 +281,7 @@ fn test_cert_renewal_cert_delay() {
        run_to_block(3);
        // try to renew again
        assert_noop!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 1, 0),
+            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 0),
            Error::<Test>::NotRespectCertPeriod,
        );
        // no renewal event should be emitted
@@ -322,7 +314,7 @@ fn test_cert_renewal_expiration() {
        // renew certification from bob to alice
        // this certification should expire 10 blocks later (at block 12)
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 1, 0),
+            DefaultCertification::renew_cert(RuntimeOrigin::signed(1), 0),
            Ok(().into())
        );
        System::assert_last_event(RuntimeEvent::DefaultCertification(Event::CertRenewed {
@@ -334,7 +326,7 @@ fn test_cert_renewal_expiration() {
        // renew certification from bob to alice again
        // this certification should expire 10 blocks later (at block 14)
        assert_eq!(
-            DefaultCertification::add_cert(RuntimeOrigin::signed(1), 1, 0),
+            DefaultCertification::renew_cert(RuntimeOrigin::signed(1), 0),
            Ok(().into())
        );
        System::assert_last_event(RuntimeEvent::DefaultCertification(Event::CertRenewed {

--- a/pallets/certification/src/weights.rs
+++ b/pallets/certification/src/weights.rs
@@ -21,6 +21,7 @@ use frame_support::weights::{constants::RocksDbWeight, Weight};
 /// Weight functions needed for pallet_universal_dividend.
 pub trait WeightInfo {
    fn add_cert() -> Weight;
+    fn renew_cert() -> Weight;
    fn del_cert() -> Weight;
    fn remove_all_certs_received_by(i: u32) -> Weight;
    fn on_initialize() -> Weight;
@@ -41,6 +42,17 @@ impl WeightInfo for () {
            .saturating_add(RocksDbWeight::get().reads(7 as u64))
            .saturating_add(RocksDbWeight::get().writes(4 as u64))
    }
+    // Storage: Identity Identities (r:2 w:0)
+    // Storage: Cert StorageIdtyCertMeta (r:2 w:2)
+    // Storage: Parameters ParametersStorage (r:1 w:0)
+    // Storage: Cert CertsRemovableOn (r:1 w:1)
+    // Storage: Cert CertsByReceiver (r:1 w:1)
+    fn renew_cert() -> Weight {
+        // Minimum execution time: 259_247 nanoseconds.
+        Weight::from_parts(269_348_000 as u64, 0)
+            .saturating_add(RocksDbWeight::get().reads(7 as u64))
+            .saturating_add(RocksDbWeight::get().writes(4 as u64))
+    }
    // Storage: Cert CertsByReceiver (r:1 w:1)
    // Storage: Cert StorageIdtyCertMeta (r:2 w:2)
    // Storage: Parameters ParametersStorage (r:1 w:0)

--- a/pallets/duniter-account/src/lib.rs
+++ b/pallets/duniter-account/src/lib.rs
@@ -218,16 +218,7 @@ pub mod pallet {
        }

        /// link account to identity
-        pub fn do_link_identity(
-            account_id: &T::AccountId,
-            idty_id: IdtyIdOf<T>,
-        ) -> Result<(), DispatchError> {
-            // Check that account exist
-            ensure!(
-                (frame_system::Account::<T>::get(account_id).providers >= 1)
-                    || (frame_system::Account::<T>::get(account_id).sufficients >= 1),
-                pallet_identity::Error::<T>::AccountNotExist
-            );
+        pub fn do_link_identity(account_id: &T::AccountId, idty_id: IdtyIdOf<T>) {
            // no-op if identity does not change
            if frame_system::Account::<T>::get(account_id).data.linked_idty != Some(idty_id) {
                frame_system::Account::<T>::mutate(account_id, |account| {
@@ -237,8 +228,7 @@ pub mod pallet {
                        identity: idty_id,
                    });
                })
-            }
-            Ok(())
+            };
        }
    }

@@ -332,7 +322,14 @@ where
    T: Config,
 {
    fn link_identity(account_id: &T::AccountId, idty_id: IdtyIdOf<T>) -> Result<(), DispatchError> {
-        Self::do_link_identity(account_id, idty_id)
+        // Check that account exist
+        ensure!(
+            (frame_system::Account::<T>::get(account_id).providers >= 1)
+                || (frame_system::Account::<T>::get(account_id).sufficients >= 1),
+            pallet_identity::Error::<T>::AccountNotExist
+        );
+        Self::do_link_identity(account_id, idty_id);
+        Ok(())
    }
 }


--- a/pallets/duniter-wot/src/mock.rs
+++ b/pallets/duniter-wot/src/mock.rs
@@ -166,7 +166,7 @@ parameter_types! {
 impl pallet_certification::Config for Test {
    type CertPeriod = CertPeriod;
    type IdtyIndex = IdtyIndex;
-    type OwnerKeyOf = Identity;
+    type IdtyAttr = Identity;
    type CheckCertAllowed = DuniterWot;
    type MaxByIssuer = MaxByIssuer;
    type MinReceivedCertToBeAbleToIssueCert = MinReceivedCertToBeAbleToIssueCert;

--- a/pallets/duniter-wot/src/tests.rs
+++ b/pallets/duniter-wot/src/tests.rs
@@ -115,7 +115,7 @@ fn test_new_idty_validation() {

        // Bob should be able to certify Ferdie
        run_to_block(4);
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 2, 6));
+        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 6));
        System::assert_has_event(RuntimeEvent::Cert(pallet_certification::Event::CertAdded {
            issuer: 2,
            receiver: 6,
@@ -248,8 +248,8 @@ fn test_idty_membership_expire() {

        run_to_block(5);
        // renew certifications so that Alice can still issue cert at block 22
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 2, 1));
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 1));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(2), 1));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(3), 1));

        // Charlie's membership should expire at block #8
        run_to_block(8);
@@ -297,7 +297,7 @@ fn test_idty_membership_expire() {
        );
        // Alice can't certify revoked identity
        assert_noop!(
-            Cert::add_cert(RuntimeOrigin::signed(1), 1, 3),
+            Cert::add_cert(RuntimeOrigin::signed(1), 3),
            pallet_duniter_wot::Error::<Test>::TargetStatusInvalid
        );

@@ -310,7 +310,7 @@ fn test_idty_membership_expire() {
        ));
        // Alice can't certify removed identity
        assert_noop!(
-            Cert::add_cert(RuntimeOrigin::signed(1), 1, 3),
+            Cert::add_cert(RuntimeOrigin::signed(1), 3),
            pallet_duniter_wot::Error::<Test>::IdtyNotFound
        );
    });
@@ -347,13 +347,13 @@ fn test_certification_expire() {
        // cert Bob → Alice not renewed
        // --- BLOCK 2 ---
        run_to_block(2);
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(1), 1, 2));
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 2, 3));
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 1));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(1), 2));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(2), 3));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(3), 1));
        // --- BLOCK 4 ---
        run_to_block(4);
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(1), 1, 3));
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 2));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(1), 3));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(3), 2));
        // --- BLOCK 7 ---
        run_to_block(7);
        assert_ok!(Membership::try_renew_membership(1));
@@ -425,15 +425,15 @@ fn test_cert_can_not_be_issued() {
        // cert Bob → Alice not renewed
        // --- BLOCK 2 ---
        run_to_block(2);
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(1), 1, 2)); // +20
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 2, 3)); // +20
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 4)); // +20
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(4), 4, 1)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(1), 2)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(2), 3)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(3), 4)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(4), 1)); // +20
                                                                   // --- BLOCK 4 ---
        run_to_block(4);
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(2), 2, 4)); // +20
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 2)); // +20
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(4), 4, 3)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(2), 4)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(3), 2)); // +20
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(4), 3)); // +20
                                                                   // --- BLOCK 7 ---
        run_to_block(7);
        assert_ok!(Membership::try_renew_membership(1)); // + 8
@@ -468,8 +468,9 @@ fn test_cert_can_not_be_issued() {
        run_to_block(21);
        // println!("{:?}", System::events());
        // Charlie certifies Alice so she again has enough certs
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 3, 1));
-        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(4), 4, 1)); // renew
+        assert_ok!(Cert::add_cert(RuntimeOrigin::signed(3), 1));
+        assert_ok!(Cert::renew_cert(RuntimeOrigin::signed(4), 1));
+        // renew
        // Alice did not claim membership, she is not member
        // but her cert delay has been reset (→ 23)
        assert_eq!(Membership::membership(1), None);

--- a/pallets/identity/Cargo.toml
+++ b/pallets/identity/Cargo.toml
@@ -28,6 +28,7 @@ try-runtime = ['frame-support/try-runtime']
 targets = ['x86_64-unknown-linux-gnu']

 [dependencies]
+duniter-primitives = { path = "../../primitives/duniter", default-features = false }

 # crates.io
 codec = { package = 'parity-scale-codec', version = "3.1.5", features = ['derive'], default-features = false }

--- a/pallets/identity/src/lib.rs
+++ b/pallets/identity/src/lib.rs
@@ -480,12 +480,12 @@ pub mod pallet {
            let idty_value = Identities::<T>::get(idty_index).ok_or(Error::<T>::IdtyNotFound)?;

            match idty_value.status {
-                IdtyStatus::Unconfirmed => return Err(Error::<T>::CanNotRevokeUnconfirmed.into()),
-                IdtyStatus::Unvalidated => return Err(Error::<T>::CanNotRevokeUnvalidated.into()),
-                IdtyStatus::Member => (),
-                IdtyStatus::NotMember => (),
-                IdtyStatus::Revoked => return Err(Error::<T>::AlreadyRevoked.into()),
-            };
+                IdtyStatus::Unconfirmed => Err(Error::<T>::CanNotRevokeUnconfirmed),
+                IdtyStatus::Unvalidated => Err(Error::<T>::CanNotRevokeUnvalidated),
+                IdtyStatus::Member => Ok(()),
+                IdtyStatus::NotMember => Ok(()),
+                IdtyStatus::Revoked => Err(Error::<T>::AlreadyRevoked),
+            }?;

            ensure!(
                if let Some((ref old_owner_key, last_change)) = idty_value.old_owner_key {
@@ -595,16 +595,12 @@ pub mod pallet {
        IdtyAlreadyConfirmed,
        /// Identity already created.
        IdtyAlreadyCreated,
-        /// Identity already validated.
-        IdtyAlreadyValidated,
        /// Identity index not found.
        IdtyIndexNotFound,
        /// Identity name already exists.
        IdtyNameAlreadyExist,
        /// Invalid identity name.
        IdtyNameInvalid,
-        /// Identity not confirmed by its owner.
-        IdtyNotConfirmed,
        /// Identity not found.
        IdtyNotFound,
        /// Invalid payload signature.
@@ -647,9 +643,12 @@ pub mod pallet {
            if let Some(mut idty_value) = Identities::<T>::get(idty_index) {
                Self::unschedule_identity_change(idty_index, idty_value.next_scheduled);
                idty_value.next_scheduled = T::BlockNumber::zero();
+                if idty_value.status == IdtyStatus::Unvalidated {
+                    // only submit event first time, after that, only membership events are relevant
+                    Self::deposit_event(Event::IdtyValidated { idty_index });
+                };
                idty_value.status = IdtyStatus::Member;
                <Identities<T>>::insert(idty_index, idty_value);
-                Self::deposit_event(Event::IdtyValidated { idty_index });
            }
            // else should not happen
        }
@@ -852,6 +851,15 @@ impl<T: Config> sp_runtime::traits::Convert<T::IdtyIndex, Option<T::AccountId>>
        Identities::<T>::get(idty_index).map(|idty_val| idty_val.owner_key)
    }
 }
+// implement Idty trait
+impl<T: Config> duniter_primitives::Idty<T::IdtyIndex, T::AccountId> for Pallet<T> {
+    fn idty_index(owner_key: T::AccountId) -> Option<T::IdtyIndex> {
+        IdentityIndexOf::<T>::get(owner_key)
+    }
+    fn owner_key(idty_index: T::IdtyIndex) -> Option<T::AccountId> {
+        Identities::<T>::get(idty_index).map(|idty_val| idty_val.owner_key)
+    }
+}

 // implement StoredMap trait for this pallet
 impl<T> frame_support::traits::StoredMap<T::AccountId, T::IdtyData> for Pallet<T>

--- a/pallets/membership/src/lib.rs
+++ b/pallets/membership/src/lib.rs
@@ -175,13 +175,9 @@ pub mod pallet {

    #[pallet::error]
    pub enum Error<T> {
-        /// Identity ID not found.
-        IdtyIdNotFound,
-        /// Membership already acquired.
-        MembershipAlreadyAcquired,
-        /// Membership not found.
+        /// Membership not found, can not renew.
        MembershipNotFound,
-        /// Already member, can not claim membership.
+        /// Already member, can not add membership.
        AlreadyMember,
    }

@@ -245,7 +241,7 @@ pub mod pallet {
            let membership_data =
                Membership::<T>::get(idty_id).ok_or(Error::<T>::MembershipNotFound)?;

-            // enough certifications and distance rule for example
+            // enough certifications
            T::CheckMembershipOpAllowed::check_renew_membership(idty_id)?;
            Ok(membership_data)
        }

--- a/pallets/membership/src/weights.rs
+++ b/pallets/membership/src/weights.rs
@@ -20,45 +20,12 @@ use frame_support::weights::{constants::RocksDbWeight, Weight};

 /// Weight functions needed for pallet_universal_dividend.
 pub trait WeightInfo {
-    fn claim_membership() -> Weight;
-    fn renew_membership() -> Weight;
-    fn revoke_membership() -> Weight;
    fn on_initialize() -> Weight;
    fn expire_memberships(_i: u32) -> Weight;
 }

 // Insecure weights implementation, use it for tests only!
 impl WeightInfo for () {
-    fn claim_membership() -> Weight {
-        // Proof Size summary in bytes:
-        //  Measured:  `1272`
-        //  Estimated: `4737`
-        // Minimum execution time: 1_213_348_000 picoseconds.
-        Weight::from_parts(1_439_442_000, 0)
-            .saturating_add(Weight::from_parts(0, 4737))
-            .saturating_add(RocksDbWeight::get().reads(10))
-            .saturating_add(RocksDbWeight::get().writes(4))
-    }
-    fn renew_membership() -> Weight {
-        // Proof Size summary in bytes:
-        //  Measured:  `988`
-        //  Estimated: `6928`
-        // Minimum execution time: 714_537_000 picoseconds.
-        Weight::from_parts(862_085_000, 0)
-            .saturating_add(Weight::from_parts(0, 6928))
-            .saturating_add(RocksDbWeight::get().reads(7))
-            .saturating_add(RocksDbWeight::get().writes(3))
-    }
-    fn revoke_membership() -> Weight {
-        // Proof Size summary in bytes:
-        //  Measured:  `703`
-        //  Estimated: `6643`
-        // Minimum execution time: 847_926_000 picoseconds.
-        Weight::from_parts(1_282_028_000, 0)
-            .saturating_add(Weight::from_parts(0, 6643))
-            .saturating_add(RocksDbWeight::get().reads(8))
-            .saturating_add(RocksDbWeight::get().writes(5))
-    }
    fn on_initialize() -> Weight {
        // Proof Size summary in bytes:
        //  Measured:  `0`

--- a/primitives/duniter/src/lib.rs
+++ b/primitives/duniter/src/lib.rs
@@ -28,6 +28,22 @@ pub fn validate_idty_name(idty_name: &[u8]) -> bool {
            .all(|c| c.is_ascii_alphanumeric() || *c == b'-' || *c == b'_')
 }

+/// trait used to go from index to owner key and reverse
+pub trait Idty<IdtyIndex, AccountId> {
+    fn owner_key(index: IdtyIndex) -> Option<AccountId>;
+    fn idty_index(owner_key: AccountId) -> Option<IdtyIndex>;
+}
+
+// mock implementation for any type
+impl<T> Idty<T, T> for () {
+    fn owner_key(t: T) -> Option<T> {
+        Some(t)
+    }
+    fn idty_index(t: T) -> Option<T> {
+        Some(t)
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;

--- a/resources/metadata.scale
+++ b/resources/metadata.scale
--- a/runtime/common/src/pallets_config.rs
+++ b/runtime/common/src/pallets_config.rs
@@ -497,7 +497,7 @@ macro_rules! pallets_config {
        impl pallet_certification::Config for Runtime {
            type CertPeriod = CertPeriod;
            type IdtyIndex = IdtyIndex;
-            type OwnerKeyOf = Identity;
+            type IdtyAttr = Identity;
            type CheckCertAllowed = Wot;
            type MaxByIssuer = MaxByIssuer;
            type MinReceivedCertToBeAbleToIssueCert = MinReceivedCertToBeAbleToIssueCert;