diff --git a/.github/workflows/dotnet_provisioner_unit_tests.yml b/.github/workflows/dotnet_provisioner_unit_tests.yml index f0b6d52a..5f0a1b8f 100644 --- a/.github/workflows/dotnet_provisioner_unit_tests.yml +++ b/.github/workflows/dotnet_provisioner_unit_tests.yml @@ -13,7 +13,7 @@ jobs: matrix: include: - os: windows-2022 - - os: ubuntu-20.04 + - os: ubuntu-latest # - os: windows-2019 Cannot Target windows-2019 because the .NET 6 SDK won't receive security patches for this image steps: - name: Set git to use LF diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/RestfulAttestationCertificateAuthority.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/RestfulAttestationCertificateAuthority.java index 1cc40302..a9bfbdc2 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/RestfulAttestationCertificateAuthority.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/RestfulAttestationCertificateAuthority.java @@ -16,9 +16,10 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.PropertySources; import org.springframework.http.MediaType; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestController; @@ -95,8 +96,7 @@ public class RestfulAttestationCertificateAuthority extends AttestationCertifica */ @Override @ResponseBody - @RequestMapping(value = "/identity-claim-tpm2/process", - method = RequestMethod.POST, + @PostMapping(value = "/identity-claim-tpm2/process", consumes = MediaType.APPLICATION_OCTET_STREAM_VALUE) public byte[] processIdentityClaimTpm2(@RequestBody final byte[] identityClaim) { return super.processIdentityClaimTpm2(identityClaim); @@ -113,8 +113,7 @@ public class RestfulAttestationCertificateAuthority extends AttestationCertifica */ @Override @ResponseBody - @RequestMapping(value = "/request-certificate-tpm2", - method = RequestMethod.POST, + @PostMapping(value = "/request-certificate-tpm2", consumes = MediaType.APPLICATION_OCTET_STREAM_VALUE) public byte[] processCertificateRequest(@RequestBody final byte[] certificateRequest) { return super.processCertificateRequest(certificateRequest); @@ -129,7 +128,7 @@ public class RestfulAttestationCertificateAuthority extends AttestationCertifica */ @Override @ResponseBody - @RequestMapping(value = "/public-key", method = RequestMethod.GET) + @GetMapping("/public-key") public byte[] getPublicKey() { return super.getPublicKey(); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateService.java index 03041b3e..6de71cde 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/CertificateService.java @@ -48,6 +48,13 @@ public class CertificateService { private final ComponentResultRepository componentResultRepository; private final EntityManager entityManager; + /** + * Con + * + * @param certificateRepository + * @param componentResultRepository + * @param entityManager + */ @Autowired public CertificateService(final CertificateRepository certificateRepository, final ComponentResultRepository componentResultRepository, diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java index be6a08e5..5e202564 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/util/CredentialHelper.java @@ -58,9 +58,15 @@ public final class CredentialHelper { public static byte[] stripPemHeaderFooter(final String pemFile) { String strippedFile; strippedFile = pemFile.replace(CertificateVariables.PEM_HEADER, ""); - strippedFile = strippedFile.replace(CertificateVariables.PEM_FOOTER, ""); + int keyFooterPos = strippedFile.indexOf(CertificateVariables.PEM_FOOTER); + if (keyFooterPos >= 0) { + strippedFile = strippedFile.substring(0, keyFooterPos); + } strippedFile = strippedFile.replace(CertificateVariables.PEM_ATTRIBUTE_HEADER, ""); - strippedFile = strippedFile.replace(CertificateVariables.PEM_ATTRIBUTE_FOOTER, ""); + int attrFooterPos = strippedFile.indexOf(CertificateVariables.PEM_ATTRIBUTE_FOOTER); + if (attrFooterPos >= 0) { + strippedFile = strippedFile.substring(0, attrFooterPos); + } return Base64.decode(strippedFile); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java index e4af6686..fd962f26 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/FirmwareScvValidator.java @@ -38,6 +38,7 @@ import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS; public class FirmwareScvValidator extends SupplyChainCredentialValidator { private static PcrValidator pcrValidator; + private static ReferenceManifest supportReferenceManifest; /** * @param device device @@ -54,16 +55,11 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { final ReferenceDigestValueRepository referenceDigestValueRepository, final CACredentialRepository caCredentialRepository) { boolean passed = true; - String[] baseline = new String[Integer.SIZE]; AppraisalStatus fwStatus = null; String hostName = device.getDeviceInfo().getNetworkInfo().getHostname(); -// ReferenceManifest validationObject; - List baseReferenceManifests = null; BaseReferenceManifest baseReferenceManifest = null; - ReferenceManifest supportReferenceManifest = null; EventLogMeasurements measurement = null; - - //baseReferenceManifests = referenceManifestRepository.findAllBaseRims(); + log.info("Validating firmware..."); // This block was looking for a base RIM matching the device name // The base rim might not have a device name associated with it- i.e. if it's uploaded to the ACA @@ -90,7 +86,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { String failedString = ""; if (baseReferenceManifest == null) { - failedString = "Base Reference Integrity Manifest\n"; + failedString = "Base Reference Integrity Manifest not found for " + hostName + "\n"; passed = false; } else if (measurement == null) { measurement = (EventLogMeasurements) referenceManifestRepository.findByHexDecHashAndRimType( @@ -103,195 +99,247 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator { } if (measurement == null) { - failedString += "Bios measurement"; + failedString += "Bios measurement not found for " + hostName; passed = false; } if (passed) { - List resources = - baseReferenceManifest.getFileResources(); - fwStatus = new AppraisalStatus(PASS, - SupplyChainCredentialValidator.FIRMWARE_VALID); - - // verify signatures - ReferenceManifestValidator referenceManifestValidator = - new ReferenceManifestValidator(); - referenceManifestValidator.setRim(baseReferenceManifest.getRimBytes()); - - //Validate signing cert - List allCerts = caCredentialRepository.findAll(); - CertificateAuthorityCredential signingCert = null; - for (CertificateAuthorityCredential cert : allCerts) { - signingCert = cert; - KeyStore keyStore = null; - Set set = ValidationService.getCaChainRec(signingCert, - Collections.emptySet(), - caCredentialRepository); - try { - keyStore = ValidationService.caCertSetToKeystore(set); - } catch (Exception e) { - log.error("Error building CA chain for {}: {}", signingCert.getSubjectKeyIdentifier(), - e.getMessage()); - } - - ArrayList certs = new ArrayList<>(set.size()); - for (CertificateAuthorityCredential cac : set) { - try { - certs.add(cac.getX509Certificate()); - } catch (IOException e) { - log.error("Error building CA chain for {}: {}", signingCert.getSubjectKeyIdentifier(), - e.getMessage()); - } - } - referenceManifestValidator.setTrustStore(certs); - try { - if (referenceManifestValidator.validateXmlSignature( - signingCert.getX509Certificate().getPublicKey(), - signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) { - try { - if (!SupplyChainCredentialValidator.verifyCertificate( - signingCert.getX509Certificate(), keyStore)) { - passed = false; - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: invalid certificate path."); - } - } catch (IOException ioEx) { - log.error("Error getting X509 cert from manager: {}", ioEx.getMessage()); - } catch (SupplyChainValidatorException scvEx) { - log.error("Error validating cert against keystore: {}", scvEx.getMessage()); - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: invalid certificate path."); - } - break; - } - } catch (IOException ioEx) { - log.error("Error getting X509 cert from manager: {}", ioEx.getMessage()); - } - } - - for (SwidResource swidRes : resources) { - supportReferenceManifest = referenceManifestRepository.findByHexDecHashAndRimType( - swidRes.getHashValue(), ReferenceManifest.SUPPORT_RIM); - if (supportReferenceManifest != null) { - // Removed the filename check from this if statement - referenceManifestValidator.validateSupportRimHash( - supportReferenceManifest.getRimBytes(), swidRes.getHashValue()); - } - } - - if (passed && signingCert == null) { - passed = false; - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: signing cert not found."); - } - - if (passed && supportReferenceManifest == null) { - fwStatus = new AppraisalStatus(FAIL, - "Support Reference Integrity Manifest can not be found"); - passed = false; - } - - if (passed && !referenceManifestValidator.isSignatureValid()) { - passed = false; - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: Signature validation " - + "failed for Base RIM."); - } - - if (passed && !referenceManifestValidator.isSupportRimValid()) { - passed = false; - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: Hash validation " - + "failed for Support RIM."); - } - - if (passed) { - TCGEventLog expectedEventLog; - try { - expectedEventLog = new TCGEventLog(supportReferenceManifest.getRimBytes()); - baseline = expectedEventLog.getExpectedPCRValues(); - } catch (CertificateException | IOException | NoSuchAlgorithmException cEx) { - log.error(cEx); - } - - // part 1 of firmware validation check: PCR baseline match - pcrValidator = new PcrValidator(baseline); - - if (baseline.length > 0) { - String pcrContent = ""; - pcrContent = new String(device.getDeviceInfo().getTpmInfo().getPcrValues(), - StandardCharsets.UTF_8); - - if (pcrContent.isEmpty()) { - fwStatus = new AppraisalStatus(FAIL, - "Firmware validation failed: Client did not " - + "provide pcr values."); - log.warn("Firmware validation failed: Client ({}) did not " - + "provide pcr values.", device.getName()); - } else { - // we have a full set of PCR values - //int algorithmLength = baseline[0].length(); - //String[] storedPcrs = buildStoredPcrs(pcrContent, algorithmLength); - //pcrPolicy.validatePcrs(storedPcrs); - - // part 2 of firmware validation check: bios measurements - // vs baseline tcg event log - // find the measurement - TCGEventLog actualEventLog; - LinkedList failedPcrValues = new LinkedList<>(); - List rimIntegrityMeasurements; - HashMap expectedEventLogRecords = new HashMap<>(); - try { - if (measurement.getDeviceName().equals(hostName)) { - actualEventLog = new TCGEventLog(measurement.getRimBytes()); - rimIntegrityMeasurements = referenceDigestValueRepository - .findValuesByBaseRimId(baseReferenceManifest.getId()); - for (ReferenceDigestValue rdv : rimIntegrityMeasurements) { - expectedEventLogRecords.put(rdv.getDigestValue(), rdv); - } - - failedPcrValues.addAll(pcrValidator.validateTpmEvents( - actualEventLog, expectedEventLogRecords, policySettings)); - } - } catch (CertificateException | NoSuchAlgorithmException | IOException exception) { - log.error(exception); - } - - if (!failedPcrValues.isEmpty()) { - StringBuilder sb = new StringBuilder(); - sb.append(String.format("%d digest(s) were not found:%n", - failedPcrValues.size())); - for (TpmPcrEvent tpe : failedPcrValues) { - sb.append(String.format("PCR Index %d - %s%n", - tpe.getPcrIndex(), - tpe.getEventTypeStr())); - } - if (fwStatus.getAppStatus().equals(FAIL)) { - fwStatus = new AppraisalStatus(FAIL, String.format("%s%n%s", - fwStatus.getMessage(), sb)); - } else { - fwStatus = new AppraisalStatus(FAIL, - sb.toString(), ReferenceManifest.MEASUREMENT_RIM); - } - } - } + AppraisalStatus rimSignatureStatus = validateRimSignature(baseReferenceManifest, + caCredentialRepository, referenceManifestRepository); + fwStatus = rimSignatureStatus; + if (rimSignatureStatus.getAppStatus() == PASS) { + AppraisalStatus pcrStatus = validatePcrValues(device, hostName, baseReferenceManifest, + measurement, referenceDigestValueRepository, policySettings); + fwStatus = pcrStatus; + if (pcrStatus.getAppStatus() == PASS) { + EventLogMeasurements eventLog = measurement; + eventLog.setOverallValidationResult(PASS); + referenceManifestRepository.save(eventLog); + fwStatus = new AppraisalStatus(PASS, SupplyChainCredentialValidator.FIRMWARE_VALID); } else { - fwStatus = new AppraisalStatus(FAIL, "The RIM baseline could not be found."); + failedString = pcrStatus.getMessage(); + log.warn("PCR value validation failed: " + failedString); + passed = false; } + } else { + failedString = rimSignatureStatus.getMessage(); + log.warn("RIM signature validation failed: " + failedString); + passed = false; } - - EventLogMeasurements eventLog = measurement; - eventLog.setOverallValidationResult(fwStatus.getAppStatus()); - referenceManifestRepository.save(eventLog); - } else { - fwStatus = new AppraisalStatus(FAIL, String.format("Firmware Validation failed: " - + "%s for %s can not be found", failedString, hostName)); + } + if (!passed) { if (measurement != null) { measurement.setOverallValidationResult(fwStatus.getAppStatus()); referenceManifestRepository.save(measurement); } } - return fwStatus; } + + private static AppraisalStatus validateRimSignature( + final BaseReferenceManifest baseReferenceManifest, + final CACredentialRepository caCredentialRepository, + final ReferenceManifestRepository referenceManifestRepository) { + List resources = + baseReferenceManifest.getFileResources(); + AppraisalStatus rimSignatureStatus = new AppraisalStatus(PASS, "RIM signature valid."); + boolean passed = true; + log.info("Validating RIM signature..."); + + // verify signatures + ReferenceManifestValidator referenceManifestValidator = + new ReferenceManifestValidator(); + referenceManifestValidator.setRim(baseReferenceManifest.getRimBytes()); + + //Validate signing cert + List allCerts = caCredentialRepository.findAll(); + CertificateAuthorityCredential signingCert = null; + for (CertificateAuthorityCredential cert : allCerts) { + signingCert = cert; + KeyStore keyStore = null; + Set set = ValidationService.getCaChainRec(signingCert, + Collections.emptySet(), + caCredentialRepository); + try { + keyStore = ValidationService.caCertSetToKeystore(set); + } catch (Exception e) { + log.error("Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": " + + e.getMessage()); + } + + ArrayList certs = new ArrayList<>(set.size()); + for (CertificateAuthorityCredential cac : set) { + try { + certs.add(cac.getX509Certificate()); + } catch (IOException e) { + log.error( + "Error building CA chain for " + signingCert.getSubjectKeyIdentifier() + ": " + + e.getMessage()); + } + } + referenceManifestValidator.setTrustStore(certs); + try { + if (referenceManifestValidator.validateXmlSignature( + signingCert.getX509Certificate().getPublicKey(), + signingCert.getSubjectKeyIdString(), signingCert.getEncodedPublicKey())) { + try { + if (!SupplyChainCredentialValidator.verifyCertificate( + signingCert.getX509Certificate(), keyStore)) { + passed = false; + rimSignatureStatus = new AppraisalStatus(FAIL, + "RIM signature validation failed: invalid certificate path."); + } + } catch (IOException ioEx) { + log.error("Error getting X509 cert from manager: " + ioEx.getMessage()); + } catch (SupplyChainValidatorException scvEx) { + log.error("Error validating cert against keystore: " + scvEx.getMessage()); + rimSignatureStatus = new AppraisalStatus(FAIL, + "RIM signature validation failed: invalid certificate path."); + } + break; + } + } catch (IOException ioEx) { + log.error("Error getting X509 cert from manager: " + ioEx.getMessage()); + } + } + + for (SwidResource swidRes : resources) { + supportReferenceManifest = referenceManifestRepository.findByHexDecHashAndRimType( + swidRes.getHashValue(), ReferenceManifest.SUPPORT_RIM); + if (supportReferenceManifest != null) { + // Removed the filename check from this if statement + referenceManifestValidator.validateSupportRimHash( + supportReferenceManifest.getRimBytes(), swidRes.getHashValue()); + } + } + + if (passed && signingCert == null) { + passed = false; + rimSignatureStatus = new AppraisalStatus(FAIL, + "RIM signature validation failed: signing cert not found."); + } + + if (passed && supportReferenceManifest == null) { + rimSignatureStatus = new AppraisalStatus(FAIL, + "Support Reference Integrity Manifest can not be found"); + passed = false; + } + + if (passed && !referenceManifestValidator.isSignatureValid()) { + passed = false; + rimSignatureStatus = new AppraisalStatus(FAIL, + "RIM signature validation failed: Signature validation " + + "failed for Base RIM."); + } + + if (passed && !referenceManifestValidator.isSupportRimValid()) { + rimSignatureStatus = new AppraisalStatus(FAIL, + "RIM signature validation failed: Hash validation " + + "failed for Support RIM."); + } + + return rimSignatureStatus; + } + + private static AppraisalStatus validatePcrValues( + final Device device, + final String hostName, + final ReferenceManifest baseReferenceManifest, + final EventLogMeasurements measurement, + final ReferenceDigestValueRepository referenceDigestValueRepository, + final PolicySettings policySettings) { + + String[] baseline = new String[Integer.SIZE]; + TCGEventLog logProcessor; + AppraisalStatus pcrAppraisalStatus = new AppraisalStatus(PASS, "PCR values validated."); + log.info("Validating PCR values..."); + + try { + logProcessor = new TCGEventLog(supportReferenceManifest.getRimBytes()); + baseline = logProcessor.getExpectedPCRValues(); + } catch (CertificateException cEx) { + log.error(cEx); + } catch (NoSuchAlgorithmException noSaEx) { + log.error(noSaEx); + } catch (IOException ioEx) { + log.error(ioEx); + } + + // part 1 of firmware validation check: PCR baseline match + pcrValidator = new PcrValidator(baseline); + + if (baseline.length > 0) { + String pcrContent = ""; + pcrContent = new String(device.getDeviceInfo().getTpmInfo().getPcrValues(), + StandardCharsets.UTF_8); + + if (pcrContent.isEmpty()) { + pcrAppraisalStatus = new AppraisalStatus(FAIL, + "Firmware validation failed: Client did not " + + "provide pcr values."); + log.warn(String.format( + "Firmware validation failed: Client (%s) did not " + + "provide pcr values.", device.getName())); + } else { + // we have a full set of PCR values + //int algorithmLength = baseline[0].length(); + //String[] storedPcrs = buildStoredPcrs(pcrContent, algorithmLength); + //pcrPolicy.validatePcrs(storedPcrs); + + // part 2 of firmware validation check: bios measurements + // vs baseline tcg event log + // find the measurement + TCGEventLog tcgMeasurementLog; + LinkedList tpmPcrEvents = new LinkedList<>(); + List eventValue; + HashMap eventValueMap = new HashMap<>(); + try { + if (measurement.getDeviceName().equals(hostName)) { + tcgMeasurementLog = new TCGEventLog(measurement.getRimBytes()); + eventValue = referenceDigestValueRepository + .findValuesByBaseRimId(baseReferenceManifest.getId()); + for (ReferenceDigestValue rdv : eventValue) { + eventValueMap.put(rdv.getDigestValue(), rdv); + } + + tpmPcrEvents.addAll(pcrValidator.validateTpmEvents( + tcgMeasurementLog, eventValueMap, policySettings)); + } + } catch (NoSuchAlgorithmException e) { + log.error(e); + } catch (CertificateException cEx) { + log.error(cEx); + } catch (IOException e) { + log.error(e); + } + + if (!tpmPcrEvents.isEmpty()) { + StringBuilder sb = new StringBuilder(); + sb.append(String.format("%d digest(s) were not found:%n", + tpmPcrEvents.size())); + for (TpmPcrEvent tpe : tpmPcrEvents) { + sb.append(String.format("PCR Index %d - %s%n", + tpe.getPcrIndex(), + tpe.getEventTypeStr())); + } + if (pcrAppraisalStatus.getAppStatus().equals(FAIL)) { + pcrAppraisalStatus = new AppraisalStatus(FAIL, String.format("%s%n%s", + pcrAppraisalStatus.getMessage(), sb.toString())); + } else { + pcrAppraisalStatus = new AppraisalStatus(FAIL, + sb.toString(), ReferenceManifest.MEASUREMENT_RIM); + } + } + } + } else { + pcrAppraisalStatus = new AppraisalStatus(FAIL, "The RIM baseline could not be found."); + } + + return pcrAppraisalStatus; + } + + private static void logAndReportError(final AppraisalStatus status, final String errorString) { + status.setMessage(errorString); + log.error(errorString); + } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java index 576db6b3..59a8a267 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java @@ -13,8 +13,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ModelAttribute; +import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import org.springframework.web.servlet.view.RedirectView; @@ -118,7 +118,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-pc-validation", method = RequestMethod.POST) + @PostMapping("update-pc-validation") public RedirectView updatePcVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -169,7 +169,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-pc-attribute-validation", method = RequestMethod.POST) + @PostMapping("update-pc-attribute-validation") public RedirectView updatePcAttributeVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -219,7 +219,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-revision-ignore", method = RequestMethod.POST) + @PostMapping("update-revision-ignore") public RedirectView updateIgnoreRevisionAttribute(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -270,7 +270,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-issue-attestation", method = RequestMethod.POST) + @PostMapping("update-issue-attestation") public RedirectView updateAttestationVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -314,7 +314,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-issue-devid", method = RequestMethod.POST) + @PostMapping("update-issue-devid") public RedirectView updateDevIdVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -359,7 +359,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-expire-on", method = RequestMethod.POST) + @PostMapping("update-expire-on") public RedirectView updateExpireOnVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -429,7 +429,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-devid-expire-on", method = RequestMethod.POST) + @PostMapping("update-devid-expire-on") public RedirectView updateDevIdExpireOnVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -499,7 +499,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-threshold", method = RequestMethod.POST) + @PostMapping("update-threshold") public RedirectView updateThresholdVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -570,7 +570,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-devid-threshold", method = RequestMethod.POST) + @PostMapping("update-devid-threshold") public RedirectView updateDevIdThresholdVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -640,7 +640,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-ec-validation", method = RequestMethod.POST) + @PostMapping("update-ec-validation") public RedirectView updateEcVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -692,7 +692,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-firmware-validation", method = RequestMethod.POST) + @PostMapping("update-firmware-validation") public RedirectView updateFirmwareVal(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { @@ -749,7 +749,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-ima-ignore", method = RequestMethod.POST) + @PostMapping("update-ima-ignore") public RedirectView updateIgnoreIma(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { // set the data received to be populated back into the form @@ -800,7 +800,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-tboot-ignore", method = RequestMethod.POST) + @PostMapping("update-tboot-ignore") public RedirectView updateIgnoreTboot(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { // set the data received to be populated back into the form @@ -851,7 +851,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-gpt-ignore", method = RequestMethod.POST) + @PostMapping("update-gpt-ignore") public RedirectView updateIgnoreGptEvents(@ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) throws URISyntaxException { // set the data received to be populated back into the form @@ -902,7 +902,7 @@ public class PolicyPageController extends PageController { * @return View containing the url and parameters * @throws URISyntaxException if malformed URI */ - @RequestMapping(value = "update-os-evt-ignore", method = RequestMethod.POST) + @PostMapping("update-os-evt-ignore") public RedirectView updateIgnoreOsEvents( @ModelAttribute final PolicyPageModel ppModel, final RedirectAttributes attr) @@ -995,6 +995,15 @@ public class PolicyPageController extends PageController { return policy; } + /** + * Helper method that saves the provided policy to the database and displays a success message. + * + * @param ppModel policy page model + * @param model model + * @param messages page messages + * @param successMessage success message + * @param settings policy settings + */ private void savePolicyAndApplySuccessMessage( final PolicyPageModel ppModel, final Map model, final PageMessages messages, final String successMessage, @@ -1004,7 +1013,7 @@ public class PolicyPageController extends PageController { // Log and set the success message messages.addSuccessMessage(successMessage); - log.debug("ACA Policy set to: " + ppModel.toString()); + log.debug("ACA Policy set to: {}", ppModel.toString()); model.put(MESSAGES_ATTRIBUTE, messages); } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java index ec217f87..2ef1ad6e 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java @@ -29,8 +29,9 @@ import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.util.StreamUtils; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.multipart.MultipartFile; @@ -107,16 +108,15 @@ public class ReferenceManifestPageController extends PageController getTableData( @Valid final DataTableInput input) { log.debug("Handling request for summary list: {}", input); String orderColumnName = input.getOrderColumnName(); - log.debug("Ordering on column: {}", orderColumnName); - log.debug("Querying with the following dataTableInput: {}", input); + log.info("Ordering on column: {}", orderColumnName); + log.info("Querying with the following dataTableInput: {}", input); FilteredRecordsList records = new FilteredRecordsList<>(); int currentPage = input.getStart() / input.getLength(); @@ -150,7 +150,7 @@ public class ReferenceManifestPageController extends PageController baseRims = new ArrayList<>(); List supportRims = new ArrayList<>(); - log.info(String.format("Processing %s uploaded files", files.length)); + log.info("Processing {} uploaded files", files.length); // loop through the files for (MultipartFile file : files) { @@ -182,16 +182,16 @@ public class ReferenceManifestPageController extends PageController { - log.info(String.format("Storing swidtag %s", rim.getFileName())); + log.info("Storing swidtag {}", rim.getFileName()); this.referenceManifestRepository.save(rim); }); supportRims.forEach((rim) -> { - log.info(String.format("Storing event log %s", rim.getFileName())); + log.info("Storing event log {}", rim.getFileName()); this.referenceManifestRepository.save(rim); }); @@ -223,10 +223,10 @@ public class ReferenceManifestPageController extends PageController model = new HashMap<>(); PageMessages messages = new PageMessages(); @@ -267,11 +267,11 @@ public class ReferenceManifestPageController extends PageController baseRims = new LinkedList<>(); baseRims.addAll(this.referenceManifestRepository .getBaseByManufacturerModel(supportRim.getPlatformManufacturer(), @@ -523,11 +523,7 @@ public class ReferenceManifestPageController extends PageController { * information */ @ResponseBody - @RequestMapping(value = "/list", - produces = MediaType.APPLICATION_JSON_VALUE, - method = RequestMethod.GET) + @GetMapping(value = "/list", + produces = MediaType.APPLICATION_JSON_VALUE) public DataTableResponse getTableData( @Valid final DataTableInput input) { - log.debug("Handling request for summary list: {}", input); + log.info("Handling request for summary list: {}", input); String orderColumnName = input.getOrderColumnName(); - log.debug("Ordering on column: {}", orderColumnName); + log.info("Ordering on column: {}", orderColumnName); // check that the alert is not archived and that it is in the specified report CriteriaModifier criteriaModifier = new CriteriaModifier() { @@ -106,7 +105,7 @@ public class RimDatabasePageController extends PageController { } }; - log.debug("Querying with the following dataTableInput: {}", input); + log.info("Querying with the following dataTableInput: {}", input); FilteredRecordsList referenceDigestValues = new FilteredRecordsList<>(); diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java index ba4fad8e..e9926aa3 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ValidationReportsPageController.java @@ -28,9 +28,9 @@ import org.springframework.data.domain.Sort; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; @@ -111,8 +111,7 @@ public class ValidationReportsPageController extends PageController getTableData( final DataTableInput input) { @@ -146,7 +145,7 @@ public class ValidationReportsPageController extends PageController - - - + + + all runtime; build; native; contentfiles; analyzers; buildtransitive