diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java
index 69ac13a0..67245188 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentAttributeRepository.java
@@ -14,4 +14,11 @@ public interface ComponentAttributeRepository extends JpaRepository<ComponentAtt
 * @return a list of attribute results
 */
 List<ComponentAttributeResult> findByComponentId(UUID componentId);
+
+ /**
+ * Query to look up Attribute Results based on the validation id.
+ * @param provisionSessionId uuid for the supplychainvalidationsummary
+ * @return a list of attribute results
+ */
+ List<ComponentAttributeResult> findByProvisionSessionId(UUID provisionSessionId);
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
index 1fe1e0cf..8793fe37 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummary.java
@@ -46,6 +46,7 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
 private static final String DEVICE_ID_FIELD = "device.id";
+ @Getter
 @Column
 @Enumerated(EnumType.STRING)
 private final AppraisalStatus.Status overallValidationResult;
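Review bot: In ComponentAttributeRepository, the new Javadoc says the lookup is "based on the validation id" while the method and its parameter are named for the provision session, and it does not say what a null argument does. Spring Data derived queries normally turn a null parameter into an `IS NULL` match, so a caller holding a summary without a session id (for example one stored before this change) would get back every attribute result that also lacks one, mixing results from unrelated validations. I would reword the summary to `Query to look up Attribute Results based on the provision session id.` and extend the tag to `@param provisionSessionId UUID shared with the SupplyChainValidationSummary; must not be null`, with callers skipping the lookup when the id is absent.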
@@ -58,6 +59,9 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
 targetEntity = SupplyChainValidation.class, orphanRemoval = true)
 private final Set<SupplyChainValidation> validations;
+ @Column
+ private UUID provisionSessionId;
+
 /**
 * Default constructor necessary for Hibernate.
 */
@@ -177,6 +181,20 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
 return new SupplyChainValidationSummary.Selector(certMan);
 }
+ /**
+ * Construct a new SupplyChainValidationSummary.
+ *
+ * @param device device that underwent supply chain validation
+ * @param validations a Collection of Validations that should comprise this summary; not null
+ * @param provisionSessionId randomly generated UUID to associate with results
+ */
+ public SupplyChainValidationSummary(final Device device,
+ final Collection<SupplyChainValidation> validations,
+ final UUID provisionSessionId) {
+ this(device, validations);
+ this.provisionSessionId = provisionSessionId;
+ }
+
 /**
 * Construct a new SupplyChainValidationSummary.
 *
@@ -212,13 +230,6 @@ public class SupplyChainValidationSummary extends ArchivableEntity {
 return new Device(this.device.getDeviceInfo());
 }
- /**
- * @return the overall appraisal result
- */
- public AppraisalStatus.Status getOverallValidationResult() {
- return overallValidationResult;
- }
-
 /**
 * @return the validations that this summary contains
 */
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java
index cc5ccc11..79b0ad52 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/ComponentAttributeResult.java
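Review bot: In SupplyChainValidationSummary, the new `provisionSessionId` column is written by the added three-argument constructor, but no accessor for it is visible in these hunks, so code holding a loaded summary has no apparent way to pass the id to `findByProvisionSessionId`. The commit already moves `overallValidationResult` to a field-level `@Getter`; the same annotation on `provisionSessionId`, with a comment such as `// UUID shared with the ComponentAttributeResult rows written during the same validation run`, would make the link usable and documented. The constructor also stores a null id without complaint; if a summary without a session id is not meaningful it could reject one, e.g. `this.provisionSessionId = Objects.requireNonNull(provisionSessionId, "provisionSessionId");`, assuming `java.util.Objects` is or can be imported in this file.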
@@ -5,6 +5,7 @@ import jakarta.persistence.Entity;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
+import lombok.Setter;
 import java.util.UUID;
@@ -19,12 +20,14 @@ import java.util.UUID;
 public class ComponentAttributeResult extends ArchivableEntity {
 private UUID componentId;
- private UUID validationId;
+ @Setter
+ private UUID provisionSessionId;
 private String expectedValue;
 private String actualValue;
 /**
 * Default constructor that populates the expected and actual values.
+ * @param componentId id associated with component result
 * @param expectedValue platform certificate value
 * @param actualValue paccor value from the device
 */
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
index 373e02d7..bdf23c46 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/SupplyChainValidationService.java
@@ -35,6 +35,7 @@ import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS;
@@ -52,6 +53,7 @@ public class SupplyChainValidationService {
 private CertificateRepository certificateRepository;
 private SupplyChainValidationRepository supplyChainValidationRepository;
 private SupplyChainValidationSummaryRepository supplyChainValidationSummaryRepository;
+ private UUID provisionSessionId;
 /**
 * Constructor.
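Review bot: In ComponentAttributeResult, replacing `validationId` with `provisionSessionId` renames the persisted attribute, and no migration for existing rows is visible in this commit. Depending on how the schema is managed, rows written before the change would keep any value they had in an orphaned column or trip schema validation, and in either case `findByProvisionSessionId` cannot find them. If the old column was ever populated, either map the new field onto the existing column or state the required migration in the commit description. The field is now only set through the new `@Setter` after construction, so a comment such as `// stamped by the validator before save; links this row to its SupplyChainValidationSummary` would help the next reader.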
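Review bot: In SupplyChainValidationService, `provisionSessionId` is added as an instance field and then reassigned at the top of the validation method (hunk at -105,6), so it is shared by every call made on the same service object. If this class is used as a shared bean, which the injected repositories suggest but the hunks do not show, two devices provisioning at the same time can overwrite each other's id between the `UUID.randomUUID()` assignment and its use in `evaluatePCAttributesStatus` and in the `SupplyChainValidationSummary` constructor (hunks at -235,7 and -262,7). Attribute results would then be recorded under another device's summary, which undermines the audit trail this id is meant to provide. Dropping the field and declaring a local in the method, `final UUID provisionSessionId = UUID.randomUUID();`, confines the id to one validation run, and the later hunks compile unchanged against the local. The method body starts and ends outside these hunks.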
@@ -105,6 +107,7 @@ public class SupplyChainValidationService {
 final Device device, final List<ComponentInfo> componentInfos) {
 boolean acceptExpiredCerts = getPolicySettings().isExpiredCertificateValidationEnabled();
+ provisionSessionId = UUID.randomUUID();
 PlatformCredential baseCredential = null;
 SupplyChainValidation platformScv = null;
 SupplyChainValidation basePlatformScv = null;
@@ -235,7 +238,7 @@ public class SupplyChainValidationService {
 platformScv = ValidationService.evaluatePCAttributesStatus( baseCredential, device.getDeviceInfo(), ec, certificateRepository, componentResultRepository,
- componentAttributeRepository, componentInfos);
+ componentAttributeRepository, componentInfos, provisionSessionId);
 validations.add(new SupplyChainValidation( SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL, platformScv.getValidationResult(), aes, platformScv.getMessage()));
@@ -262,7 +265,7 @@ public class SupplyChainValidationService {
 log.info("The validation finished, summarizing...");
 // Generate validation summary, save it, and return it.
 SupplyChainValidationSummary summary
- = new SupplyChainValidationSummary(device, validations);
+ = new SupplyChainValidationSummary(device, validations, provisionSessionId);
 try {
 supplyChainValidationSummaryRepository.save(summary);
 } catch (DBManagerException dbMEx) {
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
index 081ff71e..84b229f0 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java
@@ -38,6 +38,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.UUID;
 @Log4j2
 public class ValidationService {
@@ -107,7 +108,8 @@ public class ValidationService {
 final CertificateRepository certificateRepository, final ComponentResultRepository componentResultRepository, final ComponentAttributeRepository componentAttributeRepository,
- final List<ComponentInfo> componentInfos) {
+ final List<ComponentInfo> componentInfos,
+ final UUID provisionSessionId) {
 final SupplyChainValidation.ValidationType validationType = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL_ATTRIBUTES;
@@ -118,12 +120,10 @@ public class ValidationService {
 null, Level.ERROR);
 }
 log.info("Validating platform credential attributes");
-// List<ComponentResult> componentResults = componentResultRepository
-// .findByCertificateSerialNumberAndBoardSerialNumber(
-// pc.getSerialNumber().toString(), pc.getPlatformSerial());
 AppraisalStatus result = CredentialValidator. validatePlatformCredentialAttributes(pc, deviceInfoReport, ec,
- componentResultRepository, componentAttributeRepository, componentInfos);
+ componentResultRepository, componentAttributeRepository,
+ componentInfos, provisionSessionId);
 switch (result.getAppStatus()) {
 case PASS:
 return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
index a1ea00b5..1dbb3b3a 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java
@@ -36,6 +36,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.UUID;
 import java.util.stream.Collectors;
 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.ERROR;
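Review bot: In ValidationService, `evaluatePCAttributesStatus` gains a `provisionSessionId` parameter but no hunk touches its Javadoc, so the new parameter is presumably undocumented; the same holds for `CredentialValidator.validatePlatformCredentialAttributes` (hunk at -175,7), while `validatePlatformCredentialAttributesV2p0` did receive its `@param`. I would add `@param provisionSessionId UUID generated for this validation run and stored on each ComponentAttributeResult and on the SupplyChainValidationSummary` to both comments. Both Javadoc blocks sit above the visible hunk lines, so their current wording cannot be checked from here.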
@@ -196,6 +197,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 * @param componentResultRepository db access to component result of mismatching
 * @param componentAttributeRepository db access to component attribute match status
 * @param componentInfos list of device components
+ * @param provisionSessionId UUID associated with the SCV Summary
 * @return either PASS or FAIL
 */
 public static AppraisalStatus validatePlatformCredentialAttributesV2p0(
@@ -203,7 +205,8 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 final DeviceInfoReport deviceInfoReport, final ComponentResultRepository componentResultRepository, final ComponentAttributeRepository componentAttributeRepository,
- final List<ComponentInfo> componentInfos) {
+ final List<ComponentInfo> componentInfos,
+ final UUID provisionSessionId) {
 boolean passesValidation = true;
 StringBuilder resultMessage = new StringBuilder();
@@ -355,6 +358,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
 }
 for (ComponentAttributeResult componentAttributeResult : attributeResults) {
+ componentAttributeResult.setProvisionSessionId(provisionSessionId);
 componentAttributeRepository.save(componentAttributeResult);
 fieldValidation &= componentAttributeResult.checkMatchedStatus();
 }
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java
index 95fe8b7a..5917e130 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java
@@ -18,6 +18,7 @@ import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.ERROR;
 import static hirs.attestationca.persist.enums.AppraisalStatus.Status.FAIL;
@@ -175,7 +176,8 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
 final EndorsementCredential endorsementCredential, final ComponentResultRepository componentResultRepository, final ComponentAttributeRepository componentAttributeRepository,
- final List<ComponentInfo> componentInfos) {
+ final List<ComponentInfo> componentInfos,
+ final UUID provisionSessionId) {
 final String baseErrorMessage = "Can't validate platform credential attributes without ";
 String message;
 if (platformCredential == null) {
@@ -207,7 +209,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator {
 if (PlatformCredential.CERTIFICATE_TYPE_2_0.equals(credentialType)) {
 return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV2p0( platformCredential, deviceInfoReport, componentResultRepository,
- componentAttributeRepository, componentInfos);
+ componentAttributeRepository, componentInfos, provisionSessionId);
 }
 return CertificateAttributeScvValidator.validatePlatformCredentialAttributesV1p2( platformCredential, deviceInfoReport);
diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
index f6dab990..728cd965 100644
--- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
+++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java
@@ -5,6 +5,7 @@ import hirs.attestationca.persist.entity.manager.CertificateRepository;
 import hirs.attestationca.persist.entity.manager.ComponentResultRepository;
 import hirs.attestationca.persist.entity.userdefined.Certificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
+import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult;
 import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
 import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
 import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
@@ -363,8 +364,13 @@ public final class CertificateStringMapBuilder {
 data.put("x509Version", certificate.getX509CredentialVersion());
 //CPSuri
 data.put("CPSuri", certificate.getCPSuri());
- data.put("componentResults", PciIds.translateResults(componentResultRepository
- .findByBoardSerialNumber(certificate.getPlatformSerial())));
+ List<ComponentResult> compResults = componentResultRepository
+ .findByBoardSerialNumber(certificate.getPlatformSerial());
+ if (PciIds.DB.isReady()) {
+ data.put("componentResults", PciIds.translateResults(compResults));
+ } else {
+ data.put("componentResults", compResults);
+ }
 //Get platform Configuration values and set map with it
 PlatformConfiguration platformConfiguration = certificate.getPlatformConfiguration();
diff --git a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
index 434e7f14..5a45d1c5 100644
--- a/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
+++ b/HIRS_AttestationCAPortal/src/main/webapp/WEB-INF/jsp/certificate-details.jsp
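Review bot: In CertificateStringMapBuilder, the `PciIds.DB.isReady()` guard is placed in this caller, so any other caller of `PciIds.translateResults` still reaches the translation with an unready database, and the `else` branch falls back to untranslated results without any trace. If `translateResults` does not already check readiness itself (its body is not part of this diff), moving the guard inside it would let this block stay a single `data.put("componentResults", PciIds.translateResults(compResults));`. Failing that, a comment on the `else` branch such as `// PCI ID database not loaded: show raw component results` would explain why the page can show untranslated values. The enclosing method starts and ends outside the hunk.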
@@ -628,7 +628,7 @@
 </c:choose>
 <c:choose>
 <c:when test="${component.isVersion2()=='TRUE'}">
- <span data-toggle="tooltip" data-placement="top" title="Component Class">${component.getComponentClass()}</span>
+ <span data-toggle="tooltip" data-placement="top" title="Component Class">${component.getComponentClassValue()}</span>
 </c:when>
 <c:otherwise>
 <span data-toggle="tooltip" data-placement="top" title="Component Class">Platform Components</span>
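Review bot: In certificate-details.jsp, the changed line writes `${component.getComponentClassValue()}` straight into the page, and JSP EL in template text is not HTML-escaped. The value is presumably parsed from component data in a platform certificate, so unless it is guaranteed to be a fixed-format value (not visible here) it should be encoded on output. The page already uses JSTL core tags, so `<c:out value="${component.getComponentClassValue()}"/>` inside the span is enough. The surrounding `<c:choose>` block continues outside the hunk.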