[#863] Placed Dependencies and Dependency Versions In TOML file (#885)

* issue_863: Successfully moved all the dependencies to toml file and currently replacing dependencies listed in the build.gradle file with the ones referenced in the toml file

* issue_863: finished updating dependency versions. Ready for PR

* issue_863: downgraded versions since there was an issue with the dependencies versions and the ci/cd pipeline in git. will update each depedency slowly to ensure that upgrades are down correctly.

* issue_863: upgrading this slowly but surely

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes.

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: upgrading this slowly but surely again. testing to see if github's ci/cd is happy still with these set of changes (again) partIII

* issue_863: Part IV of upgrading this slowly  to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: Part V of upgrading this slowly  to see if github's ci/cd is happy still with these set of changes (again)

* issue_863: Part VI of updating dependencies slowly

* issue_863: Part VII of updating dependencies

* issue_863: Part 8 of updating dependencies

* issue_863: Part 9 of updating dependencies

* issue_863: Part 10 of updating dependencies

* issue_863: Part 12 of updating dependencies

* issue_863: Part 13 of updating dependencies

* issue_863: Part 14 of updating dependencies

* issue_863: Part 15 of updating dependencies

* issue_863: Updating tomcat core.

* issue_863: removed some critical vulnerable dependencies

* issue_863: updated spring boot version. second try at it.

* issue_863: undid spring update. need to figure out how to smoothly transition to newer spring.

* issue_863: updated spring boot, hibernate, and spring retry. Removed an unused dependency.

* issue_863: removed unused dependencies and am currently resolving critical vulnerable dependendcies

* issue_863: reverted changes from last commit. let's see if that makes a difference

* issue_863: Updated gradle version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

* issue_863: Updated gradle plugins version, fixed more vulnerabilities, now figuring what to do with the remaining vulnerabilities.

* issue_863: Updated gradle plugins version again. Ready for PR. Vulnerability issues will be addressed in another PR. I've cut down vulnerabilities by quite a lot and I want to test the new OWASP plugin against the remaining vulnerabilities.

* issue_863: Finishing touches to the PR. Upgraded some more dependencies and removed unused one.

* issue_863: Removed testng from codebase. Has been officially replaced with spring junit.

HIRS_AttestationCA/build.gradle

@@ -1,20 +1,6 @@
 plugins {
-    id 'java'
+    id 'io.spring.dependency-management' version '1.1.7'
-    id 'io.spring.dependency-management' version '1.1.0'
     id 'com.google.protobuf' version '0.9.4'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-
-    flatDir { dirs "lib" }
 }
 
 configurations {
@@ -27,63 +13,42 @@ dependencies {
     implementation project(':HIRS_Utils')
     implementation project(':HIRS_Structs')
 
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa:3.0.1'
-    implementation 'com.github.darrachequesne:spring-data-jpa-datatables:6.0.1'
-    implementation 'org.springframework.retry:spring-retry:2.0.0'
-    implementation libs.springdatajpa
-
     implementation libs.bouncycastle
     implementation libs.commons.codec
+    implementation libs.commons.io
     implementation libs.commons.lang3
-    implementation libs.jakarta.api
-    implementation libs.jakarta.xml
-    implementation libs.hibernate.core
-    implementation libs.pci
     implementation libs.guava
     implementation libs.jackson.core
     implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
     implementation libs.minimal.json
+
+    // pull the pci dependency and ...
+    implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient
+
     implementation libs.protobuf.java
-    implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
+    implementation libs.spring.boot.starter.data.jpa
-    implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
+    implementation libs.spring.retry
+    implementation libs.spring.boot.starter.web
+    implementation libs.spring.framework.webmvc
 
-    testImplementation 'org.apache.directory.studio:org.apache.commons.io:2.4'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.mockito:mockito-core:4.2.0'
-    testImplementation 'org.springframework:spring-test:6.0.8'
-
-    compileOnly "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
-    annotationProcessor "com.github.spotbugs:spotbugs-annotations:${spotBugAnnotationVersion}"
-
-    // spring management
     compileOnly libs.lombok
-    implementation libs.lombok
     annotationProcessor libs.lombok
+
+    compileOnly libs.spotbugs.annotations
+    annotationProcessor libs.spotbugs.annotations
+
+    testImplementation libs.commons.io
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
-checkstyle {
+
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
 protobuf {
     protoc {
         artifact = 'com.google.protobuf:protoc:3.24.3'

HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/UserDefinedEntity.java

@@ -19,10 +19,10 @@ public abstract class UserDefinedEntity extends ArchivableEntity {
 
     @Column(nullable = false, unique = true)
     @NonNull
-    private String name;
+    private String name = "";
 
     @ToString.Exclude
-    @Column(nullable = false, unique = false)
+    @Column(nullable = false)
     @NonNull
     private String description = "";
 

HIRS_AttestationCAPortal/build.gradle

@@ -1,25 +1,17 @@
 plugins {
     id 'application'
-    id 'java'
     id 'war'
-    id 'com.netflix.nebula.ospackage' version '11.8.0'
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
-    id 'org.springframework.boot' version '3.0.6'
+    id 'org.springframework.boot' version '3.0.13'
-    id 'io.spring.dependency-management' version '1.1.0'
+    id 'io.spring.dependency-management' version '1.1.7'
-    id 'checkstyle'
 }
 
 // Get version from main project gradle
-def packVersion = properties.get("packageVersion");
+def packVersion = properties.get("packageVersion")
-def jarVersion = properties.get("jarVersion");
+def jarVersion = properties.get("jarVersion")
-def projVersion = properties.get("projVersion");
+def projVersion = properties.get("projVersion")
 //println "packageVersion is ${projVersion}"
 
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
 bootRun {
     if (project.hasProperty('debug')) {
         jvmArgs project.debug
@@ -33,63 +25,40 @@ configurations {
     all*.exclude module: 'spring-boot-starter-logging'
 }
 
-repositories {
-    flatDir { dirs "lib" }
-    mavenCentral()
-}
-
 dependencies {
     implementation project(':HIRS_Utils')
     implementation project(':HIRS_AttestationCA')
 
-    implementation libs.pci
-    implementation libs.gson
     implementation libs.bouncycastle
     implementation libs.guava
+    implementation libs.gson
+    implementation libs.jakarta.persistence.api
     implementation libs.jakarta.servlet
-    implementation libs.jakarta.api
     implementation libs.jakarta.xml
 
-    implementation 'org.springframework.boot:spring-boot-starter-web'
+    // pull the pci dependency and ...
-    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation libs.pci
-    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    // and explicitly include the patched version of the apache http client dependency
-    implementation 'org.springframework.boot:spring-boot-starter-log4j2'
+    implementation libs.apacheHttpClient
-    implementation 'org.apache.logging.log4j:log4j-spring-boot'
-    implementation 'org.projectlombok:lombok'
-    implementation 'commons-fileupload:commons-fileupload:1.5'
-    implementation 'org.apache.tomcat.embed:tomcat-embed-jasper:10.1.5'
 
-    compileOnly 'org.projectlombok:lombok'
+    implementation libs.mariadb.java.client
-    implementation 'org.mariadb.jdbc:mariadb-java-client:3.1.4'
+    implementation libs.spring.boot.starter.web
-    annotationProcessor 'org.projectlombok:lombok'
+    //implementation libs.spring.framework.webmvc
-    providedRuntime 'org.springframework.boot:spring-boot-starter-tomcat'
+    implementation libs.spring.boot.starter.validation
+    implementation libs.spring.boot.starter.data.jpa
+    implementation libs.spring.boot.starter.log4j2
+    implementation libs.tomcat.embed.jasper
 
-    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    compileOnly libs.lombok
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
+    annotationProcessor libs.lombok
-    testImplementation 'org.hsqldb:hsqldb'
-}
 
-checkstyle {
+    providedRuntime libs.spring.boot.starter.tomcat
-    toolVersion = '10.12.7'
+
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
+    testImplementation libs.hsqldb
-}
+    testImplementation libs.spring.boot.starter.test
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
+
-configurations.checkstyle {
+    testCompileOnly libs.lombok
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
+    testAnnotationProcessor libs.lombok
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
 }
 
 test {

HIRS_Structs/build.gradle

@@ -1,56 +1,19 @@
-plugins {
-    id 'java'
-    id 'checkstyle'
-}
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-
-    flatDir { dirs "lib" }
-}
-
 dependencies {
-    implementation 'org.apache.commons:commons-lang3:3.13.0'
+    implementation libs.commons.lang3
 
-//    testCompile libs.mockito
+    compileOnly libs.lombok
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
+    annotationProcessor libs.lombok
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
+
-    testImplementation 'org.hamcrest:hamcrest:2.2'
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
 }
 
 test {
     useJUnitPlatform()
 }
 
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 //publishing {
 //    publications {
 //        maven(MavenPublication) {
@@ -59,5 +22,3 @@ tasks.withType(Checkstyle) {
 //        }
 //    }
 //}
-
-

HIRS_Utils/build.gradle

@@ -1,24 +1,8 @@
-plugins {
-    id 'java'
-    id 'checkstyle'
-}
 // Get version from main project gradle
 def packVersion = properties.get("packageVersion")
 def jarVersion = properties.get("jarVersion")
 //println "packageVersion is ${projVersion}"
 
-
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-    flatDir { dirs "lib" }
-}
-
 configurations {
     compileOnly {
         extendsFrom annotationProcessor
@@ -28,54 +12,33 @@ configurations {
 
 dependencies {
     implementation libs.bouncycastle
-    implementation libs.lombok
-    implementation libs.jackson.core
-    implementation libs.jackson.databind
-    implementation libs.jakarta.api
-    implementation libs.jakarta.xml
-    implementation libs.guava
     implementation libs.commons.codec
     implementation libs.commons.lang3
     implementation libs.commons.io
+    implementation libs.glassfish.jaxb.runtime
+    implementation libs.guava
+    implementation libs.jackson.core
+    implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
     implementation libs.minimal.json
+
+    // pull the pci dependency and ...
     implementation libs.pci
+    // and explicitly include the patched version of the apache http client dependency
+    implementation libs.apacheHttpClient
 
-    implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
+    implementation libs.slf4j.simple
-    implementation 'org.apache.logging.log4j:log4j-api:2.19.0'
-    implementation 'org.glassfish.jaxb:jaxb-runtime:4.0.1'
-    implementation 'org.slf4j:slf4j-simple:1.7.30'
-
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.3'
-    testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3'
-    testImplementation 'org.hamcrest:hamcrest:2.2'
-    testImplementation 'org.mockito:mockito-core:4.2.0'
-    testImplementation project(path: ':HIRS_AttestationCA')
 
     compileOnly libs.lombok
     annotationProcessor libs.lombok
-}
 
-checkstyle {
+    testImplementation libs.spring.boot.starter.test
-    toolVersion = '10.12.7'
+    testImplementation project(path: ':HIRS_AttestationCA')
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
+
-}
+    testCompileOnly libs.lombok
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
+    testAnnotationProcessor libs.lombok
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source = 'src/main/java'
-}
-checkstyleTest {
-    source = 'src/test/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
 }
 
 test {

build.gradle

@@ -1,9 +1,13 @@
+import com.github.spotbugs.snom.SpotBugsTask
+
 import java.util.concurrent.TimeUnit
 
 plugins {
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'
-    id 'com.github.spotbugs' version '6.0.4' apply false
+    id 'checkstyle'
+    id 'com.github.spotbugs' version '6.0.13' apply false
+    id 'java'
 }
 
 // Global checkstyle file
@@ -11,12 +15,44 @@ ext.checkstyleConfigFile = new File(rootDir, "/config/checkstyle/sun_checks.xml"
 
 subprojects {
     apply plugin: "com.github.spotbugs"
+    apply plugin: "java"
+    apply plugin: "checkstyle"
+
+    repositories {
+        flatDir { dirs "lib" }
+        mavenCentral()
+    }
+
+    java {
+        toolchain {
+            languageVersion = JavaLanguageVersion.of(17)
+        }
+    }
+
+    checkstyle {
+        toolVersion = '10.20.0'
+        configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
+    }
+
+    checkstyleMain {
+        source = 'src/main/java'
+    }
+    checkstyleTest {
+        source = 'src/test/java'
+    }
+
+    tasks.withType(Checkstyle).configureEach {
+        reports {
+            xml.required = false
+            html.required = true
+        }
+    }
 
     spotbugs {
         excludeFilter = file('config/spotbugs/spotbugs-exclude.xml')
     }
 
-    tasks.withType(com.github.spotbugs.snom.SpotBugsTask) {
+    tasks.withType(SpotBugsTask).configureEach {
         reports {
             html.required = true
         }

gradle.properties

@@ -1,7 +1,5 @@
 excludeGroups=rhel-6,performance
 includeGroups=
 org.gradle.daemon=true
-org.gradle.jvmargs=-Xms256m -Xmx1024m
+org.gradle.jvmargs=-Xms1g -Xmx4g
 org.gradle.caching=true
-#dependency versions
-spotBugAnnotationVersion=4.8.6

gradle/versions.toml

@@ -0,0 +1,68 @@
+[versions]
+apacheHttpClientVersion = "4.5.14"
+bouncyCastleVersion = "1.79"
+commonsCodecVersion = "1.17.1"
+commonsIoVersion = "2.18.0"
+commonsLang3Version = "3.17.0"
+gsonVersion = "2.11.0"
+glassfishJakartaJsonVersion = "2.0.1"
+glassfishJaxbRuntimeVersion = "4.0.5"
+guavaVersion = "33.3.1-jre"
+jacksonVersion = "2.18.2"
+jakartaPersistenceApiVersion = "3.2.0"
+jakartaServletVersion = "3.0.0"
+jakartaXmlVersion = "4.0.2"
+jcommanderVersion = "2.0"
+lombokVersion = "1.18.36"
+mariadbVersion = "3.5.1"
+minimalJsonVersion = "0.9.5"
+ospackageVersion = "11.2.0"
+pciVersion = "0.3"
+protobufJavaVersion = "4.28.3"
+springBootVersion = "3.4.0"
+springCoreVersion = "6.2.1"
+springRetryVersion = "2.0.10"
+tomcatVersion = "10.1.33"
+
+#test dependencies versions
+hsqldbVersion = "2.7.3"
+slf4jVersion = "2.0.16"
+spotBugAnnotationVersion = "4.8.6"
+
+[libraries]
+apacheHttpClient = { module = "org.apache.httpcomponents:httpclient", version.ref = "apacheHttpClientVersion" }
+bouncycastle = { module = "org.bouncycastle:bcmail-jdk18on", version.ref = "bouncyCastleVersion" }
+commons-codec = { module = "commons-codec:commons-codec", version.ref = "commonsCodecVersion" }
+commons-io = { module = "commons-io:commons-io", version.ref = "commonsIoVersion" }
+commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "commonsLang3Version" }
+gson = { module = "com.google.code.gson:gson", version.ref = "gsonVersion" }
+glassfish-jakarta-json = { module = "org.glassfish:jakarta.json", version.ref = "glassfishJakartaJsonVersion" }
+glassfish-jaxb-runtime = { module = "org.glassfish.jaxb:jaxb-runtime", version.ref = "glassfishJaxbRuntimeVersion" }
+guava = { module = "com.google.guava:guava", version.ref = "guavaVersion" }
+jackson-core = { module = "com.fasterxml.jackson.core:jackson-core", version.ref = "jacksonVersion" }
+jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", version.ref = "jacksonVersion" }
+jakarta-persistence-api = { module = "jakarta.persistence:jakarta.persistence-api", version.ref = "jakartaPersistenceApiVersion" }
+jakarta-servlet = { module = "org.glassfish.web:jakarta.servlet.jsp.jstl", version.ref = "jakartaServletVersion" }
+jakarta-xml = { module = "jakarta.xml.bind:jakarta.xml.bind-api", version.ref = "jakartaXmlVersion" }
+jcommander = { module = "org.jcommander:jcommander", version.ref = "jcommanderVersion" }
+lombok = { module = "org.projectlombok:lombok", version.ref = "lombokVersion" }
+mariadb-java-client = { module = "org.mariadb.jdbc:mariadb-java-client", version.ref = "mariadbVersion" }
+minimal-json = { module = "com.eclipsesource.minimal-json:minimal-json", version.ref = "minimalJsonVersion" }
+pci = { module = "com.github.marandus:pci-ids", version.ref = "pciVersion" }
+protobuf-java = { module = "com.google.protobuf:protobuf-java", version.ref = "protobufJavaVersion" }
+slf4j-simple = { module = "org.slf4j:slf4j-simple", version.ref = "slf4jVersion" }
+spring-boot-starter-data-jpa = { module = "org.springframework.boot:spring-boot-starter-data-jpa", version.ref = "springBootVersion" }
+spring-boot-starter-log4j2 = { module = "org.springframework.boot:spring-boot-starter-log4j2", version.ref = "springBootVersion" }
+spring-boot-starter-tomcat = { module = "org.springframework.boot:spring-boot-starter-tomcat", version.ref = "springBootVersion" }
+spring-boot-starter-validation = { module = "org.springframework.boot:spring-boot-starter-validation", version.ref = "springBootVersion" }
+spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "springBootVersion" }
+spring-framework-webmvc = { module = "org.springframework:spring-webmvc", version.ref = "springCoreVersion" }
+spring-retry = { module = "org.springframework.retry:spring-retry", version.ref = "springRetryVersion" }
+tomcat-embed-jasper = { module = "org.apache.tomcat.embed:tomcat-embed-jasper", version.ref = "tomcatVersion" }
+
+# test dependencies
+hsqldb = { module = "org.hsqldb:hsqldb", version.ref = "hsqldbVersion" }
+spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "springBootVersion" }
+spotbugs-annotations = { module = "com.github.spotbugs:spotbugs-annotations", version.ref = "spotBugAnnotationVersion" }
+
+[plugins]

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

settings.gradle

@@ -9,34 +9,8 @@ include 'HIRS_Utils',
 
 dependencyResolutionManagement {
     versionCatalogs {
-        libs {
+        create("libs") {
-            version('springboot', '3.0.1')
+            from(files("gradle/versions.toml"))
-            version('jackson', '2.14.2')
-            library('commons-codec', 'commons-codec:commons-codec:1.15')
-            library('commons_io',    'commons-io:commons-io:2.11.0')
-            library('commons-lang3', 'org.apache.commons:commons-lang3:3.13.0')
-            library('bouncycastle', 'org.bouncycastle:bcmail-jdk18on:1.77')
-            library('glassfish_json',   'org.glassfish:javax.json:1.1.4')
-            library('glassfish_jaxb_runtime',   'org.glassfish.jaxb:jaxb-runtime:2.3.1')
-            library('gson', 'com.google.code.gson:gson:2.10.1')
-            library('guava', 'com.google.guava:guava:31.1-jre')
-            library('minimal-json', 'com.eclipsesource.minimal-json:minimal-json:0.9.5')
-            library('protobuf-java', 'com.google.protobuf:protobuf-java:3.24.1')
-            library('jakarta-servlet', 'org.glassfish.web:jakarta.servlet.jsp.jstl:3.0.0')
-            library('jakarta-api', 'jakarta.persistence:jakarta.persistence-api:3.1.0')
-            library('jakarta-xml', 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0')
-            library('jcommander',    'org.jcommander:jcommander:1.83')
-            library('hibernate-core', 'org.hibernate:hibernate-core:6.1.7.Final')
-            library('jackson-core', 'com.fasterxml.jackson.core', 'jackson-core').versionRef('jackson')
-            library('jackson-databind', 'com.fasterxml.jackson.core', 'jackson-databind').versionRef('jackson')
-            library('pci', 'com.github.marandus:pci-ids:0.3')
-            library('ospackage', 'com.netflix.nebula:gradle-ospackage-plugin:11.2.0')
-            library('springdatajpa', 'org.springframework.boot:spring-boot-starter-web:3.0.1')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-data-jpa').version('springboot')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-web').version('springboot')
-//            library('spring-datajpa', 'org.springframework.boot', 'spring-boot-starter-validation').version('springboot')
-            library('lombok', 'org.projectlombok:lombok:1.18.26')
-            library('testng', 'org.testng:testng:7.4.0')
         }
     }
 }

tools/tcg_eventlog_tool/build.gradle

@@ -1,52 +1,18 @@
-import java.util.concurrent.TimeUnit
 plugins {
-      id "java"
+    id "com.netflix.nebula.ospackage" version "11.10.0"
-      id "com.netflix.nebula.ospackage" version "11.4.0"
-      id 'checkstyle'
 }
 // Get version from main project gradle
 def packVersion = properties.get("packageVersion");
 def jarVersion = properties.get("jarVersion");
 
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-    mavenCentral()
-    flatDir { dirs "lib" }
-}
-
 dependencies {
     implementation project(':HIRS_Utils')
-    implementation libs.jcommander
     implementation libs.commons.io
+    implementation libs.jcommander
 }
 
 ext.configDir = new File(projectDir, 'config')
 
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source ='src/main/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 jar {
     // Keep jar clean:
     exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'

tools/tcg_rim_tool/build.gradle

@@ -1,70 +1,40 @@
 plugins {
-       id "java"
+    id 'com.netflix.nebula.ospackage' version '11.10.0'
-       id 'com.netflix.nebula.ospackage' version '11.4.0'
+    id 'com.intershop.gradle.jaxb' version '7.0.1'
-       id 'com.intershop.gradle.jaxb' version '5.1.0'
-       id 'checkstyle'
 }
 
 // Get version from main project gradle
 def packVersion = properties.get("packageVersion");
 def jarVersion = properties.get("jarVersion");
 
-java {
-    toolchain {
-        languageVersion = JavaLanguageVersion.of(17)
-    }
-}
-
-repositories {
-	mavenCentral()
-	flatDir { dirs "lib" }
-}
-
 dependencies {
     implementation project(':HIRS_Utils')
 
     implementation libs.bouncycastle
-	implementation libs.glassfish.json
-	implementation libs.glassfish.jaxb.runtime
-	implementation libs.jcommander
-	implementation libs.jakarta.api
-	implementation libs.jakarta.xml
     implementation libs.commons.codec
-	implementation libs.hibernate.core
+    implementation libs.glassfish.jakarta.json
-	implementation libs.jackson.databind
+    implementation libs.glassfish.jaxb.runtime
-	implementation 'org.apache.logging.log4j:log4j-core:2.19.0'
     implementation libs.guava
+    implementation libs.jcommander
+    implementation libs.jackson.databind
+    implementation libs.jakarta.persistence.api
+    implementation libs.jakarta.xml
+    implementation libs.spring.boot.starter.log4j2
+    implementation libs.spring.boot.starter.data.jpa
 
     compileOnly libs.lombok
-    implementation libs.lombok
     annotationProcessor libs.lombok
 
-    testImplementation libs.testng
+    testImplementation libs.spring.boot.starter.test
+
+    testCompileOnly libs.lombok
+    testAnnotationProcessor libs.lombok
+
 }
 test {
     testLogging.showStandardStreams true
 }
 
-checkstyle {
-    toolVersion = '10.12.7'
-    configFile file("${rootDir}/config/checkstyle/checkstyle.xml")
-}
-// https://github.com/checkstyle/checkstyle/issues/14211#issuecomment-1884129948
-configurations.checkstyle {
-    resolutionStrategy.capabilitiesResolution.withCapability("com.google.collections:google-collections") {
-        select("com.google.guava:guava:0")
-    }
-}
-checkstyleMain {
-    source ='src/main/java'
-}
-tasks.withType(Checkstyle) {
-    reports {
-        xml.required = false
-        html.required = true
-    }
-}
-
 jar {
     exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'
     duplicatesStrategy = DuplicatesStrategy.EXCLUDE

tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagGateway.java

@@ -9,6 +9,10 @@ import hirs.utils.xjc.ObjectFactory;
 import hirs.utils.xjc.ResourceCollection;
 import hirs.utils.xjc.SoftwareIdentity;
 import hirs.utils.xjc.SoftwareMeta;
+import jakarta.json.Json;
+import jakarta.json.JsonException;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonReader;
 import jakarta.xml.bind.JAXBContext;
 import jakarta.xml.bind.JAXBElement;
 import jakarta.xml.bind.JAXBException;
@@ -17,10 +21,6 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import javax.json.Json;
-import javax.json.JsonException;
-import javax.json.JsonObject;
-import javax.json.JsonReader;
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMStructure;
@@ -190,6 +190,7 @@ public class SwidTagGateway {
 
     /**
      * Setter for timestamp format in XML signature
+     *
      * @param timestampFormat
      */
     public void setTimestampFormat(String timestampFormat) {
@@ -198,6 +199,7 @@ public class SwidTagGateway {
 
     /**
      * Setter for timestamp input - RFC3852 + file or RFC3339 + value
+     *
      * @param timestampArgument
      */
     public void setTimestampArgument(String timestampArgument) {
@@ -555,6 +557,7 @@ public class SwidTagGateway {
             addNonNullAttribute(attributes, key, value);
         }
     }
+
     /**
      * This utility method checks if an attribute value is empty before adding it to the map.
      *
@@ -707,6 +710,7 @@ public class SwidTagGateway {
     /**
      * This method creates a timestamp element and populates it with data according to
      * the RFC format set in timestampFormat.  The element is returned within an XMLObject.
+     *
      * @param doc        the Document representing the XML to be signed
      * @param sigFactory the SignatureFactory object
      * @return an XMLObject containing the timestamp element

tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java

@@ -1,20 +1,19 @@
 package hirs.swid;
 
 import hirs.utils.rim.ReferenceManifestValidator;
+import org.junit.jupiter.api.Test;
+import org.springframework.test.context.event.annotation.AfterTestClass;
+import org.springframework.test.context.event.annotation.BeforeTestClass;
 
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 
-import org.testng.Assert;
+import static org.junit.jupiter.api.Assertions.assertTrue;
-import org.testng.annotations.BeforeClass;
+
-import org.testng.annotations.AfterClass;
-import org.testng.annotations.Test;
 
 public class TestSwidTagGateway {
-	private SwidTagGateway gateway;
-	private ReferenceManifestValidator validator;
     private final String DEFAULT_OUTPUT = "generated_swidTag.swidtag";
     private final String BASE_USER_CERT = "generated_user_cert.swidtag";
     private final String BASE_USER_CERT_EMBED = "generated_user_cert_embed.swidtag";
@@ -35,9 +34,11 @@ public class TestSwidTagGateway {
             .getResource("TpmLog.bin").getPath();
     private final String RFC3852_COUNTERSIGNATURE_FILE = TestSwidTagGateway.class.getClassLoader()
             .getResource("counterSignature.file").getPath();
+    private SwidTagGateway gateway;
+    private ReferenceManifestValidator validator;
     private InputStream expectedFile;
 
-	@BeforeClass
+    @BeforeTestClass
     public void setUp() throws Exception {
         gateway = new SwidTagGateway();
         gateway.setRimEventLog(SUPPORT_RIM_FILE);
@@ -47,7 +48,7 @@ public class TestSwidTagGateway {
         validator.setTrustStoreFile(CA_CHAIN_FILE);
     }
 
-	@AfterClass
+    @AfterTestClass
     public void tearDown() throws Exception {
         if (expectedFile != null) {
             expectedFile.close();
@@ -68,9 +69,9 @@ public class TestSwidTagGateway {
         gateway.generateSwidTag(DEFAULT_OUTPUT);
         expectedFile = TestSwidTagGateway.class.getClassLoader()
                 .getResourceAsStream(BASE_USER_CERT);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
@@ -88,9 +89,9 @@ public class TestSwidTagGateway {
         gateway.generateSwidTag(DEFAULT_OUTPUT);
         expectedFile = TestSwidTagGateway.class.getClassLoader()
                 .getResourceAsStream(BASE_USER_CERT_EMBED);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
@@ -104,9 +105,9 @@ public class TestSwidTagGateway {
         gateway.generateSwidTag(DEFAULT_OUTPUT);
         expectedFile = TestSwidTagGateway.class.getClassLoader()
                 .getResourceAsStream(BASE_DEFAULT_CERT);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
@@ -122,9 +123,9 @@ public class TestSwidTagGateway {
         gateway.generateSwidTag(DEFAULT_OUTPUT);
         expectedFile = TestSwidTagGateway.class.getClassLoader()
                 .getResourceAsStream(BASE_RFC3339_TIMESTAMP);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
@@ -140,9 +141,9 @@ public class TestSwidTagGateway {
         gateway.generateSwidTag(DEFAULT_OUTPUT);
         expectedFile = TestSwidTagGateway.class.getClassLoader()
                 .getResourceAsStream(BASE_RFC3852_TIMESTAMP);
-		Assert.assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
+        assertTrue(compareFileBytesToExpectedFile(DEFAULT_OUTPUT));
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
@@ -155,11 +156,12 @@ public class TestSwidTagGateway {
                 .getResource(BASE_USER_CERT).getPath();
         System.out.println("Validating file at " + filepath);
         validator.setRim(DEFAULT_OUTPUT);
-		Assert.assertTrue(validator.validateRim(SIGNING_CERT_FILE));
+        assertTrue(validator.validateRim(SIGNING_CERT_FILE));
     }
 
     /**
      * This method compares two files by bytes to determine if they are the same or not.
+     *
      * @param file to be compared to the expected value.
      * @return true if they are equal, false if not.
      */