From 12e6f48550515e1e221872087342ac618ed15f9c Mon Sep 17 00:00:00 2001 From: Cyrus <24922493+cyrus-dev@users.noreply.github.com> Date: Wed, 14 Feb 2024 16:24:01 -0500 Subject: [PATCH] Initial changes to refactor highlighting the failed components --- .../manager/ComponentResultRepository.java | 2 +- .../persist/entity/userdefined/Device.java | 3 +- .../certificate/ComponentResult.java | 65 +++++++++++++++++-- .../persist/service/ValidationService.java | 5 +- .../CertificateAttributeScvValidator.java | 18 ++--- .../validation/CredentialValidator.java | 2 +- .../SupplyChainCredentialValidator.java | 26 ++++---- .../utils/CertificateStringMapBuilder.java | 5 +- 8 files changed, 89 insertions(+), 37 deletions(-) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java index b0f6f62f..e586999e 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/manager/ComponentResultRepository.java @@ -12,5 +12,5 @@ import java.util.UUID; public interface ComponentResultRepository extends JpaRepository { @Query(value = "SELECT * FROM ComponentResult where certificateId = ?1", nativeQuery = true) - List getComponentResultsByCertificate(UUID certificateId); + List findByCertificateId(UUID certificateId); } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java index 1aa0e7c8..14b8592a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/Device.java 
@@ -115,8 +115,7 @@ public class Device extends AbstractEntity { public String toString() { return String.format("Device Name: %s%nStatus: %s%nSummary: %s%n", name, healthStatus.getStatus(), - supplyChainValidationStatus.toString(), - summaryId); + supplyChainValidationStatus.toString()); } @Override diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java index ddb6f13c..b9bdcd4a 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java @@ -1,6 +1,8 @@ package hirs.attestationca.persist.entity.userdefined.certificate; import hirs.attestationca.persist.entity.AbstractEntity; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus; import jakarta.persistence.Entity; import lombok.AccessLevel; import lombok.EqualsAndHashCode; @@ -10,6 +12,10 @@ import lombok.NoArgsConstructor; import java.util.Objects; import java.util.UUID; +/** + * A component result is a DO to hold the status of a component validation status. This will + * also be used to display this common information on the certificate details page. + */ @EqualsAndHashCode(callSuper=false) @Getter @Entity 
@@ -17,22 +23,71 @@ import java.util.UUID; public class ComponentResult extends AbstractEntity { private UUID certificateId; - private int componentHash; private String expected; private String actual; private boolean mismatched; - public ComponentResult(final UUID certificateId, final int componentHash, + // embedded component info + private String manufacturer; + private String model; + private String serialNumber; + private String revisionNumber; + private boolean fieldReplaceable; + private ComponentClass componentClass; + private AttributeStatus attributeStatus; + + /** + * default constructor. + * @param certificateId + * @param expected + * @param actual + * @param manufacturer + * @param model + * @param serialNumber + * @param revisionNumber + * @param fieldReplaceable + * @param componentClass + * @param attributeStatus + */ + public ComponentResult(final UUID certificateId, + final String expected, final String actual, + final String manufacturer, final String model, + final String serialNumber, final String revisionNumber, + final boolean fieldReplaceable, final ComponentClass componentClass, + final AttributeStatus attributeStatus) { + this.certificateId = certificateId; + this.expected = expected; + this.actual = actual; + this.mismatched = Objects.equals(expected, actual); + this.manufacturer = manufacturer; + this.model = model; + this.serialNumber = serialNumber; + this.revisionNumber = revisionNumber; + this.fieldReplaceable = fieldReplaceable; + this.componentClass = componentClass; + this.attributeStatus = attributeStatus; + } + + /** + * default constructor. + * @param certificateId + * @param expected + * @param actual + */ + public ComponentResult(final UUID certificateId, final String expected, final String actual) { this.certificateId = certificateId; - this.componentHash = componentHash; this.expected = expected; this.actual = actual; this.mismatched = Objects.equals(expected, actual); } + /** + * The string method for log entries. 
+ * @return a string for the component result + */ public String toString() { - return String.format("ComponentResult[%d]: expected=[%s] actual=[%s]", - componentHash, expected, actual); + return String.format("ComponentResult: expected=[%s] actual=[%s]", + expected, actual); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java index 1418d556..34a8995b 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/service/ValidationService.java @@ -126,10 +126,7 @@ public class ValidationService { pc.setComponentFailures(result.getAdditionalInfo()); pc.setComponentFailureMessage(result.getMessage()); certificateRepository.save(pc); - for (ComponentResult componentResult - : CertificateAttributeScvValidator.getComponentResultList()) { - componentResultRepository.save(componentResult); - } + log.error(CertificateAttributeScvValidator.getComponentResultMap().size()); } return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL, result.getMessage(), pc, Level.WARN); diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java index b2eb6d0c..aa6a3409 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CertificateAttributeScvValidator.java 
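Review bot: Both constructors set `this.mismatched = Objects.equals(expected, actual);`, so the flag is true exactly when the two values agree, and the new ten-argument constructor copies that inversion from the existing one. Anything that highlights failed components from `mismatched` would mark the matching ones instead. Use `this.mismatched = !Objects.equals(expected, actual);` in both constructors. Both Javadoc blocks are titled "default constructor" and have empty `@param` tags; neither is a no-argument constructor, and a sentence saying which side `expected` and `actual` come from would help the next reader.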
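Review bot: The failure branch no longer saves any `ComponentResult`, and the replacement `log.error(CertificateAttributeScvValidator.getComponentResultMap().size());` writes a bare number at ERROR level. From what is visible, nothing else persists the per-component results, so a failed platform-credential validation would leave no stored record of which components failed; if that is intended for this interim commit, a `// TODO` naming where persistence moves would make it clear. The log call should carry a message and a lower level, for example `log.debug("component results recorded: {}", ...)`, or be removed. The enclosing method starts and ends outside the hunk.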
@@ -43,14 +43,14 @@ import static hirs.attestationca.persist.enums.AppraisalStatus.Status.PASS; @Log4j2 public class CertificateAttributeScvValidator extends SupplyChainCredentialValidator { - private static List componentResultList = new LinkedList<>(); + private static Map> componentResultMap = new HashMap<>(); /** * Getter for the list of components to verify. * @return a collection of components */ - public static List getComponentResultList() { - return Collections.unmodifiableList(componentResultList); + public static Map> getComponentResultMap() { + return Collections.unmodifiableMap(componentResultMap); } /** @@ -881,6 +881,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid final ComponentIdentifier pcComponent, final ComponentInfo potentialMatch) { boolean matchesSoFar = true; + List componentResultList = new LinkedList<>(); matchesSoFar &= isMatchOrEmptyInPlatformCert( potentialMatch.getComponentManufacturer(), @@ -888,7 +889,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid ); if (matchesSoFar) { - componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + componentResultList.add(new ComponentResult(certificateId, potentialMatch.getComponentSerial(), pcComponent.getComponentSerial().getString())); } @@ -899,7 +900,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid ); if (matchesSoFar) { - componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + componentResultList.add(new ComponentResult(certificateId, potentialMatch.getComponentSerial(), pcComponent.getComponentSerial().getString())); } 
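Review bot: `componentResultMap` is a `static` `HashMap` that every validation writes to and that nothing in the visible hunks clears. On a CA that validates several devices concurrently this is an unsynchronized shared structure, results from one certificate stay visible to the next caller of `getComponentResultMap()`, and the map grows for the life of the process. `Collections.unmodifiableMap` only blocks writes through the returned view; later `put` calls still show through it and the inner lists remain mutable. Prefer returning the results from the validation call, or carrying them on its result object, so they are scoped to one request; the Javadoc above the getter also still says "list of components".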
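Review bot: The `ComponentResult` added after the first (manufacturer) check records `potentialMatch.getComponentSerial()` and `pcComponent.getComponentSerial().getString()`, and the same pair is recorded after each later check in the hunks at -899, -910 and -921. Every entry therefore carries serial numbers regardless of which field was compared, and because each add is guarded by `if (matchesSoFar)` nothing is recorded for the field that actually failed. Record the field compared in each block, and do it unconditionally so the mismatch itself is captured. It also looks as if the device-reported value is passed in the `expected` position and the certificate value in `actual`; please confirm the intended order. The method body starts and ends outside these hunks.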
@@ -910,7 +911,7 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid ); if (matchesSoFar) { - componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + componentResultList.add(new ComponentResult(certificateId, potentialMatch.getComponentSerial(), pcComponent.getComponentSerial().getString())); } @@ -921,15 +922,16 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid ); if (matchesSoFar) { - componentResultList.add(new ComponentResult(certificateId, pcComponent.hashCode(), + componentResultList.add(new ComponentResult(certificateId, potentialMatch.getComponentSerial(), pcComponent.getComponentSerial().getString())); } + componentResultMap.put(pcComponent, componentResultList); + return matchesSoFar; } - /** * Checks if the fields in the potentialMatch match the fields in the pcComponent, * or if the relevant field in the pcComponent is empty. diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java index 5fb76a7c..abe9be95 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/CredentialValidator.java @@ -26,7 +26,7 @@ public class CredentialValidator extends SupplyChainCredentialValidator { * Checks if the endorsement credential is valid. * * @param ec the endorsement credential to verify. - * @param trustStore trust store holding trusted trusted certificates. + * @param trustStore trust store holding trusted certificates. * @param acceptExpired whether or not to accept expired and not yet valid certificates * as valid. * @return the result of the validation. 
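Review bot: `componentResultMap.put(pcComponent, componentResultList);` replaces whatever list was already stored for that `pcComponent`, so if the caller tries several `potentialMatch` candidates for one certificate component (the caller is not visible here), only the last comparison survives. The key also relies on `ComponentIdentifier`'s `equals`/`hashCode`, so two certificates that list an identical component would share one entry. Appending with `componentResultMap.computeIfAbsent(pcComponent, k -> new LinkedList<>()).addAll(componentResultList);`, or keying on the certificate id together with the component, would keep every comparison.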
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java index ed32b0f7..eec08312 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidator.java @@ -93,15 +93,13 @@ public class SupplyChainCredentialValidator { } else if (trustStore.size() == 0) { throw new SupplyChainValidatorException("Truststore is empty"); } - } catch (KeyStoreException e) { - log.error("Error accessing trust store: " + e.getMessage()); + } catch (KeyStoreException ksEx) { + log.error("Error accessing trust store: " + ksEx.getMessage()); } try { Set trustedCerts = new HashSet<>(); - Enumeration alias = trustStore.aliases(); - while (alias.hasMoreElements()) { trustedCerts.add((X509Certificate) trustStore.getCertificate(alias.nextElement())); } @@ -111,8 +109,8 @@ public class SupplyChainCredentialValidator { log.error("Cert chain could not be validated"); } return certChainValidated; - } catch (KeyStoreException e) { - throw new SupplyChainValidatorException("Error with the trust store", e); + } catch (KeyStoreException ksEx) { + throw new SupplyChainValidatorException("Error with the trust store", ksEx); } } @@ -139,8 +137,8 @@ public class SupplyChainCredentialValidator { } else if (trustStore.size() == 0) { throw new SupplyChainValidatorException("Truststore is empty"); } - } catch (KeyStoreException e) { - log.error("Error accessing trust store: " + e.getMessage()); + } catch (KeyStoreException ksEx) { + log.error("Error accessing trust store: " + ksEx.getMessage()); } try { 
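Review bot: The first `catch (KeyStoreException ksEx)` only logs `ksEx.getMessage()` and then falls through to the second `try`, so a trust store that cannot be read is reported without its stack trace and validation carries on; the hunk at -139 has the same shape. The rename does not change that, but since the lines are being touched, `log.error("Error accessing trust store", ksEx);` followed by `throw new SupplyChainValidatorException("Error with the trust store", ksEx);` would keep the cause and fail closed, matching the later catch. Both method bodies start outside the hunks.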
@@ -152,9 +150,9 @@ public class SupplyChainCredentialValidator { } return validateCertChain(cert, trustedCerts).isEmpty(); - } catch (KeyStoreException e) { - log.error("Error accessing keystore", e); - throw new SupplyChainValidatorException("Error with the trust store", e); + } catch (KeyStoreException ksEx) { + log.error("Error accessing keystore", ksEx); + throw new SupplyChainValidatorException("Error with the trust store", ksEx); } } @@ -498,10 +496,10 @@ public class SupplyChainCredentialValidator { PublicKey key = cert.getPublicKey(); cert.verify(key); return true; - } catch (SignatureException | InvalidKeyException e) { + } catch (SignatureException | InvalidKeyException ex) { return false; - } catch (CertificateException | NoSuchAlgorithmException | NoSuchProviderException e) { - log.error("Exception occurred while checking if cert is self-signed", e); + } catch (CertificateException | NoSuchAlgorithmException | NoSuchProviderException ex) { + log.error("Exception occurred while checking if cert is self-signed", ex); return false; } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java index c6845611..3dc91cba 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/utils/CertificateStringMapBuilder.java @@ -372,8 +372,9 @@ public final class CertificateStringMapBuilder { for (ComponentResult componentResult : componentResultRepository.findAll()) { if (componentResult.getCertificateId() .equals(certificate.getId())) { - results.put(componentResult.getComponentHash(), - componentResult.getExpected()); +// results.put(componentResult.getComponentHash(), +// componentResult.getExpected()); + log.error(componentResult.toString()); } }
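Review bot: Commenting out `results.put(...)` leaves the loop with no effect except `log.error(componentResult.toString());`, so the map the page presumably reads stays empty and every stored result for the certificate is written to the error log on each call. Delete the commented-out lines rather than keeping them, and log at debug level if the trace is still wanted. The loop also scans `componentResultRepository.findAll()` and filters in memory; the repository method renamed in this commit allows `componentResultRepository.findByCertificateId(certificate.getId())` instead. The enclosing method starts and ends outside the hunk.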