Merge branch 'master' into issue-251

HIRS_AttestationCA/src/main/java/hirs/attestationca/AbstractAttestationCertificateAuthority.java

@@ -10,18 +10,19 @@ import hirs.attestationca.service.SupplyChainValidationService;
 import hirs.data.persist.AppraisalStatus;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
+import hirs.data.persist.info.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.info.HardwareInfo;
-import hirs.data.persist.NetworkInfo;
+import hirs.data.persist.info.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
 import hirs.data.persist.SupplyChainValidationSummary;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.certificate.Certificate;
 import hirs.data.persist.certificate.EndorsementCredential;
 import hirs.data.persist.certificate.IssuedAttestationCertificate;
 import hirs.data.persist.certificate.PlatformCredential;
 import hirs.data.service.DeviceRegister;
 import hirs.persist.CertificateManager;
+import hirs.persist.ReferenceManifestManager;
 import hirs.persist.DBManager;
 import hirs.persist.DeviceManager;
 import hirs.persist.TPM2ProvisionerState;
@@ -152,11 +153,10 @@ public abstract class AbstractAttestationCertificateAuthority
     private final Integer validDays;
 
     private final CertificateManager certificateManager;
+    private final ReferenceManifestManager referenceManifestManager;
     private final DeviceRegister deviceRegister;
     private final DeviceManager deviceManager;
     private final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager;
-    private String[] pcrsList;
-    private String[] pcrs256List;
     private String tpmQuoteHash;
     private String tpmSignatureHash;
     private String pcrValues;
@@ -168,6 +168,7 @@ public abstract class AbstractAttestationCertificateAuthority
      * @param acaCertificate the ACA certificate
      * @param structConverter the struct converter
      * @param certificateManager the certificate manager
+     * @param referenceManifestManager the Reference Manifest manager
      * @param deviceRegister the device register
      * @param validDays the number of days issued certs are valid
      * @param deviceManager the device manager
@@ -179,6 +180,7 @@ public abstract class AbstractAttestationCertificateAuthority
             final PrivateKey privateKey, final X509Certificate acaCertificate,
             final StructConverter structConverter,
             final CertificateManager certificateManager,
+            final ReferenceManifestManager referenceManifestManager,
             final DeviceRegister deviceRegister, final int validDays,
             final DeviceManager deviceManager,
             final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager) {
@@ -187,6 +189,7 @@ public abstract class AbstractAttestationCertificateAuthority
         this.acaCertificate = acaCertificate;
         this.structConverter = structConverter;
         this.certificateManager = certificateManager;
+        this.referenceManifestManager = referenceManifestManager;
         this.deviceRegister = deviceRegister;
         this.validDays = validDays;
         this.deviceManager = deviceManager;
@@ -212,7 +215,6 @@ public abstract class AbstractAttestationCertificateAuthority
         IdentityRequestEnvelope challenge =
                 structConverter.convert(identityRequest, IdentityRequestEnvelope.class);
 
-        //
         byte[] identityProof = unwrapIdentityRequest(challenge.getRequest());
         // the decrypted symmetric blob should be in the format of an IdentityProof. Use the
         // struct converter to generate it.
@@ -506,9 +508,6 @@ public abstract class AbstractAttestationCertificateAuthority
             }
             if (request.getPcrslist() != null && !request.getPcrslist().isEmpty()) {
                 this.pcrValues = request.getPcrslist().toStringUtf8();
-                String[] pcrsSet = this.pcrValues.split("\\+");
-                this.pcrsList = parsePCRValues(pcrsSet[0]);
-                this.pcrs256List = parsePCRValues(pcrsSet[1]);
             }
 
             // Get device name and device
@@ -596,8 +595,7 @@ public abstract class AbstractAttestationCertificateAuthority
         byte[] modulus = HexUtils.subarray(publicArea,
                 pubLen - RSA_MODULUS_LENGTH,
                 pubLen - 1);
-        RSAPublicKey pub = (RSAPublicKey) assemblePublicKey(modulus);
+        return (RSAPublicKey) assemblePublicKey(modulus);
-        return pub;
     }
 
     /**
@@ -621,9 +619,10 @@ public abstract class AbstractAttestationCertificateAuthority
 
         // convert mac hex string to byte values
         byte[] macAddressBytes = new byte[MAC_BYTES];
+        Integer hex;
         if (macAddressParts.length == MAC_BYTES) {
             for (int i = 0; i < MAC_BYTES; i++) {
-                Integer hex = HexUtils.hexToInt(macAddressParts[i]);
+                hex = HexUtils.hexToInt(macAddressParts[i]);
                 macAddressBytes[i] = hex.byteValue();
             }
         }
@@ -884,7 +883,6 @@ public abstract class AbstractAttestationCertificateAuthority
      * Assembles a public key using a defined big int modulus and the well known exponent.
      */
     private PublicKey assemblePublicKey(final BigInteger modulus) {
-
         // generate a key spec using mod and exp
         RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, EXPONENT);
 
@@ -1242,8 +1240,7 @@ public abstract class AbstractAttestationCertificateAuthority
     private byte[] cryptKDFa(final byte[] seed, final String label, final byte[] context,
                                    final int sizeInBytes)
             throws NoSuchAlgorithmException, InvalidKeyException {
-        ByteBuffer b;
+        ByteBuffer b = ByteBuffer.allocate(4);
-        b = ByteBuffer.allocate(4);
         b.putInt(1);
         byte[] counter = b.array();
         // get the label
@@ -1271,14 +1268,13 @@ public abstract class AbstractAttestationCertificateAuthority
         }
         System.arraycopy(desiredSizeInBits, 0, message, marker, 4);
         Mac hmac;
-        byte[] toReturn = null;
+        byte[] toReturn = new byte[sizeInBytes];
 
         hmac = Mac.getInstance("HmacSHA256");
         SecretKeySpec hmacKey = new SecretKeySpec(seed, hmac.getAlgorithm());
         hmac.init(hmacKey);
         hmac.update(message);
         byte[] hmacResult = hmac.doFinal();
-        toReturn = new byte[sizeInBytes];
         System.arraycopy(hmacResult, 0, toReturn, 0, sizeInBytes);
         return toReturn;
     }
@@ -1290,11 +1286,9 @@ public abstract class AbstractAttestationCertificateAuthority
      * @throws NoSuchAlgorithmException improper algorithm selected
      */
     private byte[] sha256hash(final byte[] blob) throws NoSuchAlgorithmException {
-        byte[] toReturn = null;
         MessageDigest md = MessageDigest.getInstance("SHA-256");
         md.update(blob);
-        toReturn = md.digest();
+        return md.digest();
-        return toReturn;
     }
 
     /**

HIRS_AttestationCA/src/main/java/hirs/attestationca/rest/RestfulAttestationCertificateAuthority.java

@@ -17,6 +17,7 @@ import hirs.attestationca.AbstractAttestationCertificateAuthority;
 import hirs.attestationca.service.SupplyChainValidationService;
 import hirs.data.service.DeviceRegister;
 import hirs.persist.CertificateManager;
+import hirs.persist.ReferenceManifestManager;
 import hirs.persist.DeviceManager;
 import hirs.structs.converters.StructConverter;
 
@@ -36,6 +37,7 @@ public class RestfulAttestationCertificateAuthority
      * @param acaCertificate the ACA certificate
      * @param structConverter the struct converter
      * @param certificateManager the certificate manager
+     * @param referenceManifestManager the referenceManifestManager
      * @param deviceRegister the device register
      * @param validDays the number of days issued certs are valid
      * @param deviceManager the device manager
@@ -48,12 +50,14 @@ public class RestfulAttestationCertificateAuthority
             final PrivateKey privateKey, final X509Certificate acaCertificate,
             final StructConverter structConverter,
             final CertificateManager certificateManager,
+            final ReferenceManifestManager referenceManifestManager,
             final DeviceRegister deviceRegister,
             final DeviceManager deviceManager,
             final DBManager<TPM2ProvisionerState> tpm2ProvisionerStateDBManager,
             @Value("${aca.certificates.validity}") final int validDays) {
         super(supplyChainValidationService, privateKey, acaCertificate, structConverter,
-                certificateManager, deviceRegister, validDays, deviceManager,
+                certificateManager, referenceManifestManager,
+                deviceRegister, validDays, deviceManager,
                 tpm2ProvisionerStateDBManager);
     }
 

HIRS_AttestationCA/src/main/java/hirs/attestationca/service/SupplyChainValidationServiceImpl.java

@@ -5,6 +5,11 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
+
+import hirs.data.persist.TPMMeasurementRecord;
+import hirs.data.persist.baseline.TPMBaseline;
+import hirs.data.persist.SwidResource;
+import hirs.validation.SupplyChainCredentialValidator;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,8 +37,10 @@ import hirs.data.persist.certificate.CertificateAuthorityCredential;
 import hirs.data.persist.certificate.EndorsementCredential;
 import hirs.data.persist.certificate.PlatformCredential;
 import hirs.data.persist.certificate.IssuedAttestationCertificate;
+import hirs.data.persist.ReferenceManifest;
 import hirs.persist.AppraiserManager;
 import hirs.persist.CertificateManager;
+import hirs.persist.ReferenceManifestManager;
 import hirs.persist.CertificateSelector;
 import hirs.persist.CrudManager;
 import hirs.persist.DBManagerException;
@@ -43,11 +50,15 @@ import hirs.validation.CredentialValidator;
 import java.util.HashMap;
 import java.util.Map;
 
+import static hirs.data.persist.AppraisalStatus.Status.FAIL;
+import static hirs.data.persist.AppraisalStatus.Status.PASS;
+
 /**
- * The main executor of supply chain verification tasks. The AbstractAttestationCertificateAuthority
+ * The main executor of supply chain verification tasks. The
- * will feed it the PC, EC, other relevant certificates, and serial numbers of the provisioning
+ * AbstractAttestationCertificateAuthority will feed it the PC, EC, other
- * task, and it will then manipulate the data as necessary, retrieve useful certs, and arrange
+ * relevant certificates, and serial numbers of the provisioning task, and it
- * for actual validation by the SupplyChainValidator.
+ * will then manipulate the data as necessary, retrieve useful certs, and
+ * arrange for actual validation by the SupplyChainValidator.
  */
 @Service
 @Import(PersistenceConfiguration.class)
@@ -55,19 +66,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 
     private PolicyManager policyManager;
     private AppraiserManager appraiserManager;
+    private ReferenceManifestManager referenceManifestManager;
     private CertificateManager certificateManager;
     private CredentialValidator supplyChainCredentialValidator;
     private CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager;
 
-    private static final Logger LOGGER =
+    private static final Logger LOGGER
-            LogManager.getLogger(SupplyChainValidationServiceImpl.class);
+            = LogManager.getLogger(SupplyChainValidationServiceImpl.class);
-
 
     /**
      * Constructor.
+     *
      * @param policyManager the policy manager
      * @param appraiserManager the appraiser manager
      * @param certificateManager the cert manager
+     * @param referenceManifestManager the RIM manager
      * @param supplyChainValidatorSummaryManager the summary manager
      * @param supplyChainCredentialValidator the credential validator
      */
@@ -75,19 +88,21 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     public SupplyChainValidationServiceImpl(final PolicyManager policyManager,
             final AppraiserManager appraiserManager,
             final CertificateManager certificateManager,
+            final ReferenceManifestManager referenceManifestManager,
             final CrudManager<SupplyChainValidationSummary> supplyChainValidatorSummaryManager,
             final CredentialValidator supplyChainCredentialValidator) {
         this.policyManager = policyManager;
         this.appraiserManager = appraiserManager;
         this.certificateManager = certificateManager;
+        this.referenceManifestManager = referenceManifestManager;
         this.supplyChainValidatorSummaryManager = supplyChainValidatorSummaryManager;
         this.supplyChainCredentialValidator = supplyChainCredentialValidator;
     }
 
     /**
-     * The "main" method of supply chain validation. Takes the credentials from an identity
+     * The "main" method of supply chain validation. Takes the credentials from
-     * request and validates the supply chain in accordance to the current supply chain
+     * an identity request and validates the supply chain in accordance to the
-     * policy.
+     * current supply chain policy.
      *
      * @param ec The endorsement credential from the identity request.
      * @param pcs The platform credentials from the identity request.
@@ -96,8 +111,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
      */
     @Override
     public SupplyChainValidationSummary validateSupplyChain(final EndorsementCredential ec,
-        final Set<PlatformCredential> pcs,
+            final Set<PlatformCredential> pcs,
-        final Device device) {
+            final Device device) {
         final Appraiser supplyChainAppraiser = appraiserManager.getAppraiser(
                 SupplyChainAppraiser.NAME);
         SupplyChainPolicy policy = (SupplyChainPolicy) policyManager.getDefaultPolicy(
@@ -163,7 +178,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                         SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL,
                         AppraisalStatus.Status.FAIL,
                         "Platform credential(s) missing."
-                                + " Cannot validate attributes",
+                        + " Cannot validate attributes",
                         null, Level.ERROR));
             } else {
                 Iterator<PlatformCredential> it = pcs.iterator();
@@ -173,11 +188,11 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
 
                     if (pc != null) {
                         if (pc.isDeltaChain()) {
-                        // this check validates the delta changes and recompares
+                            // this check validates the delta changes and recompares
-                        // the modified list to the original.
+                            // the modified list to the original.
                             attributeScv = validateDeltaPlatformCredentialAttributes(
-                                            pc, device.getDeviceInfo(),
+                                    pc, device.getDeviceInfo(),
-                                            baseCredential, deltaMapping);
+                                    baseCredential, deltaMapping);
                         } else {
                             attributeScv = validatePlatformCredentialAttributes(
                                     pc, device.getDeviceInfo(), ec);
@@ -186,16 +201,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                         if (platformScv != null) {
                             // have to make sure the attribute validation isn't ignored and
                             // doesn't override general validation status
-                            if (platformScv.getResult() == AppraisalStatus.Status.PASS
+                            if (platformScv.getResult() == PASS
-                                    && attributeScv.getResult() != AppraisalStatus.Status.PASS) {
+                                    && attributeScv.getResult() != PASS) {
                                 // if the platform trust store validated but the attribute didn't
                                 // replace
                                 validations.remove(platformScv);
                                 validations.add(attributeScv);
-                            } else if ((platformScv.getResult() == AppraisalStatus.Status.PASS
+                            } else if ((platformScv.getResult() == PASS
-                                    && attributeScv.getResult() == AppraisalStatus.Status.PASS)
+                                    && attributeScv.getResult() == PASS)
-                                    || (platformScv.getResult() != AppraisalStatus.Status.PASS
+                                    || (platformScv.getResult() != PASS
-                                    && attributeScv.getResult() != AppraisalStatus.Status.PASS)) {
+                                    && attributeScv.getResult() != PASS)) {
                                 // if both trust store and attributes validated or failed
                                 // combine messages
                                 validations.remove(platformScv);
@@ -219,18 +234,20 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
             // may need to associated with device to pull the correct info
             // compare tpm quote with what is pulled from RIM associated file
             IssuedAttestationCertificate attCert = IssuedAttestationCertificate
-                .select(this.certificateManager)
+                    .select(this.certificateManager)
-                .byDeviceId(device.getId())
+                    .byDeviceId(device.getId())
-                .getCertificate();
+                    .getCertificate();
+            PlatformCredential pc = PlatformCredential
+                    .select(this.certificateManager)
+                    .byDeviceId(device.getId())
+                    .getCertificate();
 
-            if (attCert != null) {
+            validations.add(validateFirmware(pc, attCert));
-                LOGGER.error(attCert.getPcrValues());
-            }
         }
 
         // Generate validation summary, save it, and return it.
-        SupplyChainValidationSummary summary =
+        SupplyChainValidationSummary summary
-                new SupplyChainValidationSummary(device, validations);
+                = new SupplyChainValidationSummary(device, validations);
         if (baseCredential != null) {
             baseCredential.setComponentFailures(summary.getMessage());
             this.certificateManager.update(baseCredential);
@@ -243,10 +260,16 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
         return summary;
     }
 
+            /**
+             * TDM: I need to compare the manufacturer id, name and model load
+             * that RIM file and associated eventlog, pull that flag for sha 1
+             * or 256 and then compare pcrs
+             */
+
     /**
-     * This method is a sub set of the validate supply chain method and focuses on the specific
+     * This method is a sub set of the validate supply chain method and focuses
-     * multibase validation check for a delta chain.  This method also includes the check
+     * on the specific multibase validation check for a delta chain. This method
-     * for delta certificate CA validation as well.
+     * also includes the check for delta certificate CA validation as well.
      *
      * @param pc The platform credential getting checked
      * @param platformScv The validation record
@@ -266,7 +289,7 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
             // if it is, then update the SupplyChainValidation message and result
             if (result) {
                 String message = "Multiple Base certificates found in chain.";
-                if (!platformScv.getResult().equals(AppraisalStatus.Status.PASS)) {
+                if (!platformScv.getResult().equals(PASS)) {
                     message = String.format("%s,%n%s", platformScv.getMessage(), message);
                 }
                 subPlatformScv = buildValidationRecord(
@@ -299,8 +322,93 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
         return subPlatformScv;
     }
 
+    private SupplyChainValidation validateFirmware(final PlatformCredential pc,
+            final IssuedAttestationCertificate attCert) {
+
+        TPMBaseline tpmBline;
+        String[] baseline = new String[Integer.SIZE];
+        Level level = Level.ERROR;
+        AppraisalStatus fwStatus;
+
+        if (attCert != null) {
+            LOGGER.error(attCert.getPcrValues());
+            String[] pcrsSet = attCert.getPcrValues().split("\\+");
+            String[] pcrs1 = pcrsSet[0].split("\\n");
+            String[] pcrs256 = pcrsSet[1].split("\\n");
+            for (int i = 0; i < pcrs1.length; i++) {
+                if (pcrs1[i].contains(":")) {
+                    pcrs1[i].split(":");
+                }
+            }
+
+            for (int i = 0; i < pcrs256.length; i++) {
+                if (pcrs256[i].contains(":")) {
+                    pcrs256[i].split(":");
+                }
+            }
+
+            ReferenceManifest rim = ReferenceManifest.select(
+                    this.referenceManifestManager)
+                    .byManufacturer(pc.getManufacturer())
+                    .getRIM();
+
+            if (rim == null) {
+                fwStatus = new AppraisalStatus(FAIL, String.format("Firmware validation failed: "
+                        + "No associated RIM file could be found for %s",
+                        pc.getManufacturer()));
+            } else {
+                StringBuilder sb = new StringBuilder();
+                fwStatus = new AppraisalStatus(PASS,
+                        SupplyChainCredentialValidator.FIRMWARE_VALID);
+                String failureMsg = "Firmware validation failed: PCR %d does not"
+                        + " match%n%tBaseline [%s] <> Device [%s]%n";
+
+                List<SwidResource> swids = rim.parseResource();
+                for (SwidResource swid : swids) {
+                    baseline = swid.getPcrValues()
+                            .toArray(new String[swid.getPcrValues().size()]);
+                }
+                /**
+                 * baseline is null. The purpose of the if check was to
+                 * determine to process doing pcrs1 or pcrs256. So I have to
+                 * rethink this.
+                 *
+                 * this goes back to not knowing if I should do one or the other
+                 * and how to make that a setting of some kind.
+                 */
+                if (baseline[0].length() == pcrs1[0].length()) {
+                    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
+                        if (!baseline[i].equals(pcrs1[i])) {
+                            sb.append(String.format(failureMsg, i, baseline[i], pcrs1[i]));
+                            break;
+                        }
+                    }
+                } else if (baseline[0].length() == pcrs256[0].length()) {
+                    for (int i = 0; i <= TPMMeasurementRecord.MAX_PCR_ID; i++) {
+                        if (!baseline[i].equals(pcrs256[i])) {
+                            sb.append(String.format(failureMsg, i, baseline[i], pcrs256[i]));
+                            break;
+                        }
+                    }
+                }
+                if (sb.length() > 0) {
+                    level = Level.ERROR;
+                    fwStatus = new AppraisalStatus(FAIL, sb.toString());
+                } else {
+                    level = Level.INFO;
+                }
+            }
+        } else {
+            fwStatus = new AppraisalStatus(FAIL, "Associated Issued Attestation"
+                    + " Certificate can not be found.");
+        }
+
+        return buildValidationRecord(SupplyChainValidation.ValidationType.FIRMWARE,
+                fwStatus.getAppStatus(), fwStatus.getMessage(), pc, level);
+    }
+
     private SupplyChainValidation validateEndorsementCredential(final EndorsementCredential ec,
-                                                                final boolean acceptExpiredCerts) {
+            final boolean acceptExpiredCerts) {
         final SupplyChainValidation.ValidationType validationType
                 = SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL;
         LOGGER.info("Validating endorsement credential");
@@ -316,14 +424,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                 validateEndorsementCredential(ec, ecStore, acceptExpiredCerts);
         switch (result.getAppStatus()) {
             case PASS:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
+                return buildValidationRecord(validationType, PASS,
                         result.getMessage(), ec, Level.INFO);
             case FAIL:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
                         result.getMessage(), ec, Level.WARN);
             case ERROR:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
-                        result.getMessage(), ec, Level.ERROR);
             default:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
                         result.getMessage(), ec, Level.ERROR);
@@ -331,9 +437,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     }
 
     private SupplyChainValidation validatePlatformCredential(final PlatformCredential pc,
-                                                             final KeyStore
+            final KeyStore trustedCertificateAuthority,
-                                                                     trustedCertificateAuthority,
+            final boolean acceptExpiredCerts) {
-                                                             final boolean acceptExpiredCerts) {
         final SupplyChainValidation.ValidationType validationType
                 = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
 
@@ -347,14 +452,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                 trustedCertificateAuthority, acceptExpiredCerts);
         switch (result.getAppStatus()) {
             case PASS:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
+                return buildValidationRecord(validationType, PASS,
                         result.getMessage(), pc, Level.INFO);
             case FAIL:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
                         result.getMessage(), pc, Level.WARN);
             case ERROR:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
-                        result.getMessage(), pc, Level.ERROR);
             default:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
                         result.getMessage(), pc, Level.ERROR);
@@ -362,8 +465,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     }
 
     private SupplyChainValidation validatePlatformCredentialAttributes(final PlatformCredential pc,
-           final DeviceInfoReport deviceInfoReport,
+            final DeviceInfoReport deviceInfoReport,
-           final EndorsementCredential ec) {
+            final EndorsementCredential ec) {
         final SupplyChainValidation.ValidationType validationType
                 = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
 
@@ -378,14 +481,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                 validatePlatformCredentialAttributes(pc, deviceInfoReport, ec);
         switch (result.getAppStatus()) {
             case PASS:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
+                return buildValidationRecord(validationType, PASS,
                         result.getMessage(), pc, Level.INFO);
             case FAIL:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
                         result.getMessage(), pc, Level.WARN);
             case ERROR:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
-                        result.getMessage(), pc, Level.ERROR);
             default:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
                         result.getMessage(), pc, Level.ERROR);
@@ -397,8 +498,8 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
             final DeviceInfoReport deviceInfoReport,
             final PlatformCredential base,
             final Map<PlatformCredential, SupplyChainValidation> deltaMapping) {
-        final SupplyChainValidation.ValidationType validationType =
+        final SupplyChainValidation.ValidationType validationType
-                SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
+                = SupplyChainValidation.ValidationType.PLATFORM_CREDENTIAL;
 
         if (delta == null) {
             LOGGER.error("No delta certificate to validate");
@@ -412,14 +513,12 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
                         base, deltaMapping);
         switch (result.getAppStatus()) {
             case PASS:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.PASS,
+                return buildValidationRecord(validationType, PASS,
                         result.getMessage(), delta, Level.INFO);
             case FAIL:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.FAIL,
                         result.getMessage(), delta, Level.WARN);
             case ERROR:
-                return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
-                        result.getMessage(), delta, Level.ERROR);
             default:
                 return buildValidationRecord(validationType, AppraisalStatus.Status.ERROR,
                         result.getMessage(), delta, Level.ERROR);
@@ -427,8 +526,9 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     }
 
     /**
-     * Creates a supply chain validation record and logs the validation
+     * Creates a supply chain validation record and logs the validation message
-     * message at the specified log level.
+     * at the specified log level.
+     *
      * @param validationType the type of validation
      * @param result the appraisal status
      * @param message the validation message to include in the summary and log
@@ -451,18 +551,19 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     }
 
     /**
-     * This method is used to retrieve the entire CA chain (up to a
+     * This method is used to retrieve the entire CA chain (up to a trusted
-     * trusted self-signed certificate) for the given certificate.  This method will look up
+     * self-signed certificate) for the given certificate. This method will look
-     * CA certificates that have a matching issuer organization as the given certificate, and will
+     * up CA certificates that have a matching issuer organization as the given
-     * perform that operation recursively until all certificates for all relevant organizations
+     * certificate, and will perform that operation recursively until all
-     * have been retrieved.  For that reason, the returned set of certificates may be larger
+     * certificates for all relevant organizations have been retrieved. For that
-     * than the the single trust chain for the queried certificate, but is guaranteed to include
+     * reason, the returned set of certificates may be larger than the the
-     * the trust chain if it exists in this class' CertificateManager.
+     * single trust chain for the queried certificate, but is guaranteed to
+     * include the trust chain if it exists in this class' CertificateManager.
      * Returns the certificate authority credentials in a KeyStore.
      *
      * @param credential the credential whose CA chain should be retrieved
-     * @return A keystore containing all relevant CA credentials to the given certificate's
+     * @return A keystore containing all relevant CA credentials to the given
-     * organization or null if the keystore can't be assembled
+     * certificate's organization or null if the keystore can't be assembled
      */
     public KeyStore getCaChain(final Certificate credential) {
         KeyStore caKeyStore = null;
@@ -475,33 +576,37 @@ public class SupplyChainValidationServiceImpl implements SupplyChainValidationSe
     }
 
     /**
-     * This is a recursive method which is used to retrieve the entire CA chain (up to a
+     * This is a recursive method which is used to retrieve the entire CA chain
-     * trusted self-signed certificate) for the given certificate.  This method will look up
+     * (up to a trusted self-signed certificate) for the given certificate. This
-     * CA certificates that have a matching issuer organization as the given certificate, and will
+     * method will look up CA certificates that have a matching issuer
-     * perform that operation recursively until all certificates for all relevant organizations
+     * organization as the given certificate, and will perform that operation
-     * have been retrieved.  For that reason, the returned set of certificates may be larger
+     * recursively until all certificates for all relevant organizations have
-     * than the the single trust chain for the queried certificate, but is guaranteed to include
+     * been retrieved. For that reason, the returned set of certificates may be
-     * the trust chain if it exists in this class' CertificateManager.
+     * larger than the the single trust chain for the queried certificate, but
+     * is guaranteed to include the trust chain if it exists in this class'
+     * CertificateManager.
      *
-     * Implementation notes:
+     * Implementation notes: 1. Queries for CA certs with a subject org matching
-     * 1. Queries for CA certs with a subject org matching the given (argument's) issuer org
+     * the given (argument's) issuer org 2. Add that org to
-     * 2. Add that org to queriedOrganizations, so we don't search for that organization again
+     * queriedOrganizations, so we don't search for that organization again 3.
-     * 3. For each returned CA cert, add that cert to the result set, and recurse with that as the
+     * For each returned CA cert, add that cert to the result set, and recurse
-     *      argument (to go up the chain), if and only if we haven't already queried for that
+     * with that as the argument (to go up the chain), if and only if we haven't
-     *      organization (which prevents infinite loops on certs with an identical subject and
+     * already queried for that organization (which prevents infinite loops on
-     *      issuer org)
+     * certs with an identical subject and issuer org)
      *
      * @param credential the credential whose CA chain should be retrieved
-     * @param previouslyQueriedOrganizations a list of organizations to refrain from querying
+     * @param previouslyQueriedOrganizations a list of organizations to refrain
-     * @return a Set containing all relevant CA credentials to the given certificate's organization
+     * from querying
+     * @return a Set containing all relevant CA credentials to the given
+     * certificate's organization
      */
     private Set<CertificateAuthorityCredential> getCaChainRec(
             final Certificate credential,
             final Set<String> previouslyQueriedOrganizations
     ) {
-        CertificateSelector<CertificateAuthorityCredential> caSelector =
+        CertificateSelector<CertificateAuthorityCredential> caSelector
-                CertificateAuthorityCredential.select(certificateManager)
+                = CertificateAuthorityCredential.select(certificateManager)
-                        .bySubjectOrganization(credential.getIssuerOrganization());
+                .bySubjectOrganization(credential.getIssuerOrganization());
         Set<CertificateAuthorityCredential> certAuthsWithMatchingOrg = caSelector.getCertificates();
 
         Set<String> queriedOrganizations = new HashSet<>(previouslyQueriedOrganizations);

HIRS_AttestationCA/src/test/java/hirs/attestationca/AbstractAttestationCertificateAuthorityTest.java

@@ -130,7 +130,7 @@ public class AbstractAttestationCertificateAuthorityTest {
     @BeforeTest
     public void setup() {
         aca = new AbstractAttestationCertificateAuthority(null, keyPair.getPrivate(),
-                null, null, null, null, 1,
+                null, null, null, null, null, 1,
                 null, null) {
         };
     }

HIRS_AttestationCA/src/test/java/hirs/attestationca/service/SupplyChainValidationServiceImplTest.java

@@ -398,6 +398,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -451,6 +452,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -495,6 +497,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -530,6 +533,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -588,6 +592,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -633,6 +638,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 supplyChainCredentialValidator
         );
@@ -683,6 +689,7 @@ public class SupplyChainValidationServiceImplTest extends SpringPersistenceTest
                 policyManager,
                 appraiserManager,
                 realCertMan,
+                null,
                 supplyChainValidationSummaryDBManager,
                 new SupplyChainCredentialValidator()
         );

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificateRequestPageController.java

@@ -153,6 +153,17 @@ public class CertificateRequestPageController extends PageController<NoPageParam
 
         return mav;
     }
+    /**
+     * TODO
+     * 1. add flag for rim validation dependent on pc attribute flag DONE
+     * 2. create tpmbaseline on upload of rimel file (DONE?)
+     *    a. add device id?  though one won't exist yet
+     * 3. validation
+     *    a. looks for baseline
+     *    b. if it doesn't find one, looks for rim
+     *          a. creates baseline if it exists
+     *    c. validates after reading rimel, if it finds one.
+     */
 
     /**
      * Queries for the list of Certificates and returns a data table response
@@ -600,8 +611,8 @@ public class CertificateRequestPageController extends PageController<NoPageParam
         try {
             fileBytes = file.getBytes();
         } catch (IOException e) {
-            final String failMessage = "Failed to read uploaded file ("
+            final String failMessage = String.format(
-                    + fileName + "): ";
+                    "Failed to read uploaded file (%s): ", fileName);
             LOGGER.error(failMessage, e);
             messages.addError(failMessage + e.getMessage());
             return null;
@@ -615,22 +626,21 @@ public class CertificateRequestPageController extends PageController<NoPageParam
                 case TRUSTCHAIN:
                     return new CertificateAuthorityCredential(fileBytes);
                 default:
-                    final String failMessage = "Failed to parse uploaded file ("
+                    final String failMessage = String.format("Failed to parse uploaded file "
-                            + fileName + "). Invalid certificate type: "
+                            + "(%s). Invalid certificate type: %s", fileName, certificateType);
-                            + certificateType;
                     LOGGER.error(failMessage);
                     messages.addError(failMessage);
                     return null;
             }
         } catch (IOException e) {
-            final String failMessage = "Failed to parse uploaded file ("
+            final String failMessage = String.format(
-                    + fileName + "): ";
+                    "Failed to parse uploaded file (%s): ", fileName);
             LOGGER.error(failMessage, e);
             messages.addError(failMessage + e.getMessage());
             return null;
         } catch (IllegalArgumentException e) {
-            final String failMessage = "Certificate format not recognized("
+            final String failMessage = String.format(
-                    + fileName + "): ";
+                    "Certificate format not recognized(%s): ", fileName);
             LOGGER.error(failMessage, e);
             messages.addError(failMessage + e.getMessage());
             return null;

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/PolicyPageController.java

@@ -276,15 +276,13 @@ public class PolicyPageController extends PageController<NoPageParams> {
         try {
             SupplyChainPolicy policy = getDefaultPolicyAndSetInModel(ppModel, model);
 
-            //If PC Validation is enabled without EC Validation, disallow change
+            //If firmware is enabled without PC attributes, disallow change
-//            if (!isPolicyValid(firmwareValidationOptionEnabled,
+            if (firmwareValidationOptionEnabled && !policy.isPcAttributeValidationEnabled()) {
-            //policy.isFirmwareValidationEnabled(),
+                handleUserError(model, messages,
-//                    policy.isFirmwareValidationEnabled())) {
+                    "Firmware validation can not be "
-//                handleUserError(model, messages,
+                            + "enabled without PC Attributes policy enabled.");
-//                    "To disable Endorsement Credential Validation, Platform Validation"
+                return redirectToSelf(new NoPageParams(), model, attr);
-//                            + " must also be disabled.");
+            }
-//                return redirectToSelf(new NoPageParams(), model, attr);
-//            }
 
             // set the policy option and create success message
             if (firmwareValidationOptionEnabled) {

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/ReferenceManifestPageController.java

@@ -225,6 +225,10 @@ public class ReferenceManifestPageController
                         messages,
                         rim,
                         referenceManifestManager);
+
+                for (SwidResource swidRes : rim.parseResource()) {
+                    System.out.println("testing this section!");
+                }
             }
         }
 

HIRS_Provisioner/src/test/java/hirs/client/collector/DeviceInfoCollectorTest.java

@@ -21,7 +21,7 @@ import java.util.Enumeration;
 import hirs.DeviceInfoReportRequest;
 import hirs.collector.CollectorException;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.OSName;
+import hirs.data.persist.enums.OSName;
 
 /**
  * Unit tests for <code>DeviceInfoCollector</code>.

HIRS_Provisioner/src/test/java/hirs/provisioner/client/RestfulClientProvisionerTest.java

@@ -2,12 +2,12 @@ package hirs.provisioner.client;
 
 import hirs.client.collector.DeviceInfoCollector;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
+import hirs.data.persist.info.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.info.HardwareInfo;
-import hirs.data.persist.NetworkInfo;
+import hirs.data.persist.info.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
-import hirs.data.persist.OSName;
+import hirs.data.persist.enums.OSName;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.structs.converters.StructConverter;
 import hirs.structs.elements.tpm.AsymmetricPublicKey;
 import hirs.tpm.tss.Tpm;

HIRS_Utils/src/main/java/hirs/alert/AlertResolutionAction.java

@@ -7,9 +7,9 @@ import hirs.alert.resolve.IgnoreAlertResolver;
 import hirs.alert.resolve.RemoveFromIMABaselineAlertResolver;
 import hirs.alert.resolve.RemoveFromTPMBaselineAlertResolver;
 import hirs.alert.resolve.RequestNewReportAlertResolver;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 
 /**
  * Specifies actions that can be taken to resolve an Alert.

HIRS_Utils/src/main/java/hirs/alert/AlertResolutionService.java

@@ -6,19 +6,17 @@ import hirs.appraiser.IMAAppraiser;
 import hirs.appraiser.TPMAppraiser;
 import hirs.data.persist.Alert;
 import hirs.alert.resolve.AlertResolverFactory;
-import static hirs.data.persist.Alert.AlertType.WHITE_LIST_PCR_MISMATCH;
-import static hirs.data.persist.Alert.AlertType.REQUIRED_SET_MISMATCH;
-import static hirs.data.persist.Alert.AlertType.UNKNOWN_FILE;
-import static hirs.data.persist.Alert.AlertType.WHITELIST_MISMATCH;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaAcceptableRecordBaseline;
+import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
-import hirs.data.persist.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
-import hirs.data.persist.TPMBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
 import hirs.data.persist.TPMPolicy;
-import hirs.data.persist.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.enums.AlertSource;
+import hirs.data.persist.enums.AlertType;
 import hirs.persist.AppraiserManager;
 import hirs.persist.DeviceManager;
 import hirs.persist.PolicyManager;
@@ -90,7 +88,7 @@ public class AlertResolutionService {
         // the same, so take them from the first alert
         DeviceGroup deviceGroup = deviceManager.getDevice(alerts.get(0).getDeviceName())
                 .getDeviceGroup();
-        Alert.Source source = alerts.get(0).getSource();
+        AlertSource source = alerts.get(0).getSource();
 
         // build a list of resolution options specific to the alert source
         LOGGER.debug(String.format("source of alerts is %s", source.toString()));
@@ -122,8 +120,8 @@ public class AlertResolutionService {
 
         List<AlertResolutionOption> options = new ArrayList<>();
         Device device = null;
-        Alert.Source sharedSource = null;
+        AlertSource sharedSource = null;
-        Alert.Source currentSource = null;
+        AlertSource currentSource = null;
         DeviceGroup sharedDeviceGroup = null;
         DeviceGroup currentDeviceGroup = null;
 
@@ -191,14 +189,14 @@ public class AlertResolutionService {
 
         boolean canAddToBaseline = true;
 
-        Alert.AlertType alertType;
+        AlertType alertType;
         for (Alert alert : alertList) {
             alertType = alert.getType();
 
             // addToBaseline only helps if each alert would be fixed by adding a record
-            if (!alertType.equals(WHITELIST_MISMATCH)
+            if (!alertType.equals(AlertType.WHITELIST_MISMATCH)
-                    && !alertType.equals(REQUIRED_SET_MISMATCH)
+                    && !alertType.equals(AlertType.REQUIRED_SET_MISMATCH)
-                    && !alertType.equals(UNKNOWN_FILE)) {
+                    && !alertType.equals(AlertType.UNKNOWN_FILE)) {
                 LOGGER.debug("cannot add ima record to baseline to resolve alert because alert is"
                         + " type {}", alertType);
                 canAddToBaseline = false;
@@ -269,7 +267,7 @@ public class AlertResolutionService {
         // should only attempt to add to the baseline if all the alerts are of
         // the type WHITE_LIST_PCR_MISMATCH
         for (Alert alert : alertList) {
-            if (!alert.getType().equals(WHITE_LIST_PCR_MISMATCH)) {
+            if (!alert.getType().equals(AlertType.WHITE_LIST_PCR_MISMATCH)) {
                 canEditBaseline = false;
                 break;
             }

HIRS_Utils/src/main/java/hirs/alert/JsonAlertService.java

@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import hirs.data.persist.enums.AlertSeverity;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -88,7 +89,7 @@ public class JsonAlertService extends ManagedAlertService {
         items.put("hostname", InetAddress.getLocalHost().getHostName());
         items.put("source", "PORTAL");
         items.put("type", "Test JSON");
-        items.put("severity", Alert.Severity.INFO.toString());
+        items.put("severity", AlertSeverity.INFO.toString());
         items.put("details", "This is a test alert sent by the HIRS portal.");
 
         return send(jsonMonitor, buildJson(items));

HIRS_Utils/src/main/java/hirs/alert/resolve/AddToIMABaselineAlertResolver.java

@@ -1,7 +1,7 @@
 package hirs.alert.resolve;
 
 import hirs.data.persist.Alert;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import org.springframework.stereotype.Component;
 
 /**

HIRS_Utils/src/main/java/hirs/alert/resolve/BaselineAlertResolver.java

@@ -1,7 +1,7 @@
 package hirs.alert.resolve;
 
 import hirs.alert.AlertResolutionAction;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.persist.BaselineManager;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;

HIRS_Utils/src/main/java/hirs/alert/resolve/IMABaselineAlertResolver.java

@@ -1,8 +1,8 @@
 package hirs.alert.resolve;
 
 import hirs.data.persist.Alert;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.persist.ImaBaselineRecordManager;
 import org.springframework.beans.factory.annotation.Autowired;
 

HIRS_Utils/src/main/java/hirs/alert/resolve/RemoveFromIMABaselineAlertResolver.java

@@ -1,7 +1,7 @@
 package hirs.alert.resolve;
 
 import hirs.data.persist.Alert;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import org.springframework.stereotype.Component;
 
 /**

HIRS_Utils/src/main/java/hirs/alert/resolve/TPMBaselineAlertResolver.java

@@ -2,8 +2,8 @@ package hirs.alert.resolve;
 
 import hirs.data.persist.Alert;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
-import hirs.data.persist.TPMBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
 import hirs.data.persist.TPMMeasurementRecord;
 import java.util.HashSet;
 import java.util.Set;

HIRS_Utils/src/main/java/hirs/client/collector/DeviceInfoCollector.java

@@ -4,13 +4,13 @@ import hirs.DeviceInfoReportRequest;
 import hirs.ReportRequest;
 import hirs.collector.CollectorException;
 import hirs.data.persist.DeviceInfoReport;
-import hirs.data.persist.FirmwareInfo;
+import hirs.data.persist.info.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.info.HardwareInfo;
-import hirs.data.persist.NetworkInfo;
+import hirs.data.persist.info.NetworkInfo;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
-import hirs.data.persist.OSName;
+import hirs.data.persist.enums.OSName;
 import hirs.data.persist.Report;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.utils.exec.ExecBuilder;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;

HIRS_Utils/src/main/java/hirs/data/bean/SimpleBaselineBean.java

@@ -3,7 +3,7 @@ package hirs.data.bean;
 import java.util.Date;
 import java.util.UUID;
 
-import hirs.data.persist.Alert;
+import hirs.data.persist.enums.AlertSeverity;
 
 /**
  * Provides a bean that can be used to encapsulate simple baseline data.
@@ -12,7 +12,7 @@ public class SimpleBaselineBean {
     private UUID id;
     private Date createTime;
     private String name;
-    private Alert.Severity severity;
+    private AlertSeverity severity;
     private String type;
 
     /**
@@ -43,7 +43,7 @@ public class SimpleBaselineBean {
      * Get the severity.
      * @return Alert.Severity.
      */
-    public Alert.Severity getSeverity() {
+    public AlertSeverity getSeverity() {
         return severity;
     }
 

HIRS_Utils/src/main/java/hirs/data/persist/AbstractDigest.java

@@ -1,5 +1,7 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.DigestComparisonResultType;
+import hirs.data.persist.enums.DigestAlgorithm;
 import java.util.Arrays;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -8,6 +10,7 @@ import javax.xml.bind.DatatypeConverter;
 
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.lang3.ArrayUtils;
+import org.apache.logging.log4j.LogManager;
 
 /**
  * This abstract class represents a message digest. Extending classes include
@@ -19,6 +22,8 @@ import org.apache.commons.lang3.ArrayUtils;
  * (see {@link ImaBlacklistRecord} for reference.)
  */
 public abstract class AbstractDigest {
+    private static final org.apache.logging.log4j.Logger LOGGER =
+            LogManager.getLogger(AbstractDigest.class);
     /**
      * Length of MD2 digest.
      */
@@ -60,8 +65,7 @@ public abstract class AbstractDigest {
         }
 
         if (ArrayUtils.isEmpty(digest)) {
-            final String msg = "Digest must have at least one byte";
+            throw new IllegalArgumentException("Digest must have at least one byte");
-            throw new IllegalArgumentException(msg);
         }
 
         if (digest.length != algorithm.getLengthInBytes()) {
@@ -69,6 +73,51 @@ public abstract class AbstractDigest {
         }
     }
 
+    /**
+     * This method will help class determine the algorithm associated with the
+     * pcr values given.
+     *
+     * @param digest list of pcr values.
+     * @return the associated algorithm.
+     */
+    public static final DigestAlgorithm getDigestAlgorithm(final byte[] digest) {
+        if (digest == null || ArrayUtils.isEmpty(digest)) {
+            return DigestAlgorithm.UNSPECIFIED;
+        }
+
+        switch (digest.length) {
+            case MD2_DIGEST_LENGTH:
+                return DigestAlgorithm.MD5;
+            case SHA1_DIGEST_LENGTH:
+                return DigestAlgorithm.SHA1;
+            case SHA256_DIGEST_LENGTH:
+                return DigestAlgorithm.SHA256;
+            case SHA384_DIGEST_LENGTH:
+                return DigestAlgorithm.SHA384;
+            case SHA512_DIGEST_LENGTH:
+                return DigestAlgorithm.SHA512;
+            default:
+                return DigestAlgorithm.UNSPECIFIED;
+        }
+    }
+
+    /**
+     * This method will help class determine the algorithm associated with the
+     * pcr values given.
+     *
+     * @param digest list of pcr values.
+     * @return the associated algorithm.
+     */
+    public static final DigestAlgorithm getDigestAlgorithm(final String digest) {
+        try {
+            return getDigestAlgorithm(Hex.decodeHex(digest.toCharArray()));
+        } catch (Exception deEx) {
+            LOGGER.error(deEx);
+        }
+
+        return DigestAlgorithm.UNSPECIFIED;
+    }
+
     /**
      * Retrieves the <code>DigestAlgorithm</code> that identifies which hash
      * function generated the digest.

HIRS_Utils/src/main/java/hirs/data/persist/Alert.java

@@ -1,5 +1,9 @@
 package hirs.data.persist;
 
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.enums.AlertSeverity;
+import hirs.data.persist.enums.AlertSource;
+import hirs.data.persist.enums.AlertType;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
 import javax.persistence.CollectionTable;
@@ -16,7 +20,6 @@ import javax.persistence.Table;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
-import javax.xml.bind.annotation.XmlType;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -68,7 +71,7 @@ public class Alert extends ArchivableEntity {
 
     @Column(name = "source")
     @Enumerated(EnumType.STRING)
-    private Source source = Source.UNSPECIFIED;
+    private AlertSource source = AlertSource.UNSPECIFIED;
 
     @Column(name = "type")
     @Enumerated(EnumType.STRING)
@@ -82,231 +85,7 @@ public class Alert extends ArchivableEntity {
 
     @Column(name = "severity")
     @Enumerated(EnumType.STRING)
-    private Severity severity = Severity.UNSPECIFIED;
+    private AlertSeverity severity = AlertSeverity.UNSPECIFIED;
-
-    /**
-     * The 'source' of the <code>Alert</code>, which is a string enumeration
-     * representing the component within the HIRS system that caused the
-     * <code>Alert</code> to be generated. For example, if a record mismatch is
-     * detected by the <code>IMAAppraiser</code>, the source of the
-     * <code>Alert</code> will be "IMAAppraiser". In some cases the class name
-     * may be used, and in other cases a more abstract name may be used to
-     * provide clarity to the user, such as the <code>REPORT_PROCESSOR</code>
-     * type, which can come from the <code>SOAPMessageProcessor</code>, the
-     * <code>SOAPReportProcessor</code>, or the <code>HIRSAppraiser</code>.
-     */
-    @XmlType(name = "AlertSource")
-    public enum Source {
-        /**
-         * The alerts generated from an unspecified source.
-         */
-        UNSPECIFIED,
-        /**
-         * Alerts generated within <code>SOAPMessageProcessor</code>,
-         * <code>SOAPReportProcessor</code>, or <code>HIRSAppraiser</code> will
-         * all use the same source. This makes sense right now because those
-         * Alerts will all be related to <code>Report</code>s that do not match
-         * the expected format.
-         */
-        REPORT_PROCESSOR,
-        /**
-         * Alerts generated within the <code>IMAAppraiser</code>.
-         */
-        IMA_APPRAISER,
-        /**
-         * Alerts generated within the <code>TPMAppraiser</code>.
-         */
-        TPM_APPRAISER,
-        /**
-         * Alerts generated within <code>OnDemandReportRequestManager</code>.
-         */
-        REPORT_REQUESTOR
-    }
-
-
-
-    /**
-     * The 'type' of the Alert, which is the category of problem identified by
-     * the 'source'.
-     */
-    @XmlType(name = "AlertType")
-    public enum AlertType {
-        /**
-         * The alert type has not been specified.
-         */
-        UNSPECIFIED,
-
-        /**
-         * The <code>Report</code> does not contain the necessary elements or it
-         * contains certain unnecessary elements.
-         */
-        MALFORMED_REPORT,
-
-        /**
-         * The <code>Report</code> does not contain the correct
-         * <code>TPMMeasurementRecord</code>s or the PCR values are not correct.
-         */
-        WHITE_LIST_PCR_MISMATCH,
-
-        /**
-         * The <code>Report</code> contains a <code>TPMMeasurementRecord</code>
-         * matching a TPM BlackList.
-         */
-        BLACK_LIST_PCR_MATCH,
-
-        /**
-         * The <code>TPMReport</code> does not contain a valid nonce.
-         */
-        INVALID_NONCE,
-
-        /**
-         * The <code>TPMReport</code> does not contain a valid TPM Quote (PCR Digest).
-         */
-        INVALID_TPM_QUOTE,
-
-        /**
-         * The <code>TPMReport</code> does not contain a valid signature.
-         */
-        INVALID_SIGNATURE,
-
-        /**
-         * The <code>TPMReport</code> does not contain a valid certificate.
-         */
-        INVALID_CERTIFICATE,
-
-        /**
-         * The <code>IMAReport</code> contains a whitelist hash mismatch.
-         */
-        WHITELIST_MISMATCH,
-
-        /**
-         * The <code>IMAReport</code> contains a required set hash mismatch.
-         */
-        REQUIRED_SET_MISMATCH,
-
-        /**
-         * The <code>Report</code> is missing a required record.
-         */
-        MISSING_RECORD,
-
-        /**
-         * The <code>IMAReport</code> contains an unknown filepath.
-         */
-        UNKNOWN_FILE,
-
-        /**
-         * The client's <code>ReportRequest</code> query messages missing.
-         */
-        REPORT_REQUESTS_MISSING,
-
-        /**
-         * Client periodic <code>IntegrityReport</code> missing.
-         */
-        PERIODIC_REPORT_MISSING,
-
-        /**
-         * On-demand <code>IntegrityReport</code> missing.
-         */
-        ON_DEMAND_REPORT_MISSING,
-
-        /**
-         * The client sent a report that indicates IMA was not enabled correctly.
-         */
-        IMA_MISCONFIGURED,
-
-        /**
-         * PCR mismatches and device info changes indicated a kernel update.
-         */
-        KERNEL_UPDATE_DETECTED,
-
-        /**
-         * The <code>Report</code> does not contain the correct
-         * <code>TPMMeasurementRecord</code>s associated with IMA measurements.
-         */
-        IMA_PCR_MISMATCH,
-
-        /**
-         * Indicates an IMA measurement had a path which matched an entry in a blacklist baseline.
-         */
-        IMA_BLACKLIST_PATH_MATCH,
-
-        /**
-         * Indicates an IMA measurement had a hash which matched an entry in a blacklist baseline.
-         */
-        IMA_BLACKLIST_HASH_MATCH,
-
-        /**
-         * Indicates an IMA measurement had both a path and hash which matched an entry in a
-         * blacklist baseline.
-         */
-        IMA_BLACKLIST_PATH_AND_HASH_MATCH,
-
-        /**
-         * Indicates an IMA measurement had a path that matched an entry in a blacklist baseline,
-         * and also had a hash that matched another entry in the same (or another) baseline.
-         */
-        IMA_BLACKLIST_MIXED_MATCH
-    }
-
-    /**
-     * The 'severity' of the <code>Alert</code>, which is a string enumeration
-     * representing the predicted importance of the problem identified.
-     *
-     * A constructor with the enum is used to set a criticality number for each severity level.
-     * Severity levels can be compared against each other by using the getCriticality method.
-     *
-     */
-    @XmlType(name = "AlertSeverity")
-    public enum Severity {
-
-        /**
-         * Used for situations where Severity remains to be implemented or the
-         * exact level has not been determined for a specific use case.
-         */
-        UNSPECIFIED(5),
-        /**
-         * Equivalent to "Ignore" or "Quiet". This is not used for general logging,
-         * but for Alert level messages that, in specific cases, are not applicable
-         * or can be or need to be ignored.
-         */
-        INFO(10),
-        /**
-         * Applies to a non-system critical file or condition.
-         */
-        LOW(15),
-        /**
-         *  Involves a stable or system-critical file or a stable PCR value.
-         */
-        HIGH(25),
-        /**
-         * Equivalent to "Fatal".  Involves Alerts so clearly indicative of malicious
-         * intent that an automated response, such as network disconnection, is warranted.
-         */
-        SEVERE(30);
-
-        /**
-         * Criticality number assigned to a severity level.
-         */
-        private int criticality;
-
-        /**
-         * Constructor used to set the criticality level.
-         *
-         * @param c criticality level
-         */
-        Severity(final int c) {
-            criticality = c;
-        }
-
-        /**
-         * Return criticality level assigned to severity level.
-         *
-         * @return criticality level
-         */
-        int getCriticality() {
-            return criticality;
-        }
-    }
 
     /**
      * Creates a new <code>Alert</code> with the message details. The details
@@ -465,7 +244,7 @@ public class Alert extends ArchivableEntity {
      * @see Source
      */
     @XmlAttribute(name = "source")
-    public final Source getSource() {
+    public final AlertSource getSource() {
         return source;
     }
 
@@ -474,7 +253,7 @@ public class Alert extends ArchivableEntity {
      *
      * @param source of this <code>Alert</code>
      */
-    public final void setSource(final Source source) {
+    public final void setSource(final AlertSource source) {
         this.source = source;
     }
 
@@ -574,7 +353,7 @@ public class Alert extends ArchivableEntity {
      * Set the severity of the alert regardless of baseline.
      * @param severity Alert.Severity.
      */
-    public final void setSeverity(final Alert.Severity severity) {
+    public final void setSeverity(final AlertSeverity severity) {
         // only overwrite severity if the new one is non-null
         if (severity != null) {
             this.severity = severity;
@@ -602,7 +381,7 @@ public class Alert extends ArchivableEntity {
      * @see Severity
      */
     @XmlAttribute(name = "severity")
-    public final Severity getSeverity() {
+    public final AlertSeverity getSeverity() {
         return severity;
     }
 
@@ -635,8 +414,8 @@ public class Alert extends ArchivableEntity {
      * @return prioritized severity level based on criticality
      *
      */
-    private Alert.Severity getPrioritizedSeverityLevel(final Alert.Severity checkSeverity) {
+    private AlertSeverity getPrioritizedSeverityLevel(final AlertSeverity checkSeverity) {
-        Alert.Severity severityLevel = this.severity;
+        AlertSeverity severityLevel = this.severity;
         if (severityLevel.getCriticality() < checkSeverity.getCriticality()) {
             severityLevel = checkSeverity;
         }

HIRS_Utils/src/main/java/hirs/data/persist/CertificateValidationResult.java

@@ -1,5 +1,7 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.CertificateValidationStatus;
+
 
 
 /**

HIRS_Utils/src/main/java/hirs/data/persist/Device.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.HealthStatus;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import hirs.DeviceGroupSerializer;

HIRS_Utils/src/main/java/hirs/data/persist/DeviceGroup.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.HealthStatus;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import hirs.persist.ScheduledJobInfo;
 import org.apache.logging.log4j.LogManager;

HIRS_Utils/src/main/java/hirs/data/persist/DeviceInfoReport.java

@@ -1,5 +1,11 @@
 package hirs.data.persist;
 
+import hirs.data.persist.info.NetworkInfo;
+import hirs.data.persist.info.OSInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.TPMInfo;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
 import static org.apache.logging.log4j.LogManager.getLogger;
 
 import javax.persistence.Column;
@@ -34,6 +40,18 @@ public class DeviceInfoReport extends Report implements Serializable {
      * A variable used to describe unavailable hardware, firmware, or OS info.
      */
     public static final String NOT_SPECIFIED = "Not Specified";
+    /**
+     * Constant variable representing the various Short sized strings.
+     */
+    public static final int SHORT_STRING_LENGTH = 32;
+    /**
+     * Constant variable representing the various Medium sized strings.
+     */
+    public static final int MED_STRING_LENGTH = 64;
+    /**
+     * Constant variable representing the various Long sized strings.
+     */
+    public static final int LONG_STRING_LENGTH = 255;
 
     @XmlElement
     @Embedded

HIRS_Utils/src/main/java/hirs/data/persist/Digest.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.DigestAlgorithm;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 
@@ -77,6 +78,14 @@ public final class Digest extends AbstractDigest {
         this.digest = Arrays.copyOf(digest, digest.length);
     }
 
+    /**
+     * Creates a new <code>Digest</code> when an algorithm isn't specified.
+     * @param digest byte array value
+     */
+    public Digest(final byte[] digest) {
+        this(AbstractDigest.getDigestAlgorithm(digest), digest);
+    }
+
     /**
      * Default constructor necessary for Hibernate.
      */

HIRS_Utils/src/main/java/hirs/data/persist/ExaminableRecord.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.ExamineState;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 

HIRS_Utils/src/main/java/hirs/data/persist/IMADeviceState.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.AlertSource;
 import org.hibernate.criterion.Criterion;
 import org.hibernate.criterion.Restrictions;
 
@@ -197,7 +198,7 @@ public class IMADeviceState extends DeviceState {
     @Override
     public Criterion getDeviceTrustAlertCriterion() {
         Criterion createTimeRestriction =  Restrictions.ge("createTime", mostRecentFullReportDate);
-        Criterion sourceRestriction = Restrictions.eq("source", Alert.Source.IMA_APPRAISER);
+        Criterion sourceRestriction = Restrictions.eq("source", AlertSource.IMA_APPRAISER);
         return Restrictions.and(createTimeRestriction, sourceRestriction);
     }
 

HIRS_Utils/src/main/java/hirs/data/persist/IMAMeasurementRecord.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.DigestAlgorithm;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;

HIRS_Utils/src/main/java/hirs/data/persist/IMAPolicy.java

@@ -1,5 +1,11 @@
 package hirs.data.persist;
 
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
+import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
+import hirs.data.persist.baseline.HasBaselines;
+import hirs.data.persist.baseline.Baseline;
 import com.google.common.collect.HashMultimap;
 import com.google.common.collect.Multimap;
 import org.apache.logging.log4j.LogManager;

HIRS_Utils/src/main/java/hirs/data/persist/ImaBlacklistRecord.java

@@ -1,5 +1,8 @@
 package hirs.data.persist;
 
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.AbstractImaBaselineRecord;
+import hirs.data.persist.enums.AlertType;
 import org.apache.commons.lang3.StringUtils;
 
 import javax.persistence.Entity;
@@ -97,8 +100,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
     public ImaBlacklistRecord(
             final String path,
             final Digest hash,
-            final String description
+            final String description) {
-    ) {
         this(path, hash, description, null);
     }
 
@@ -125,8 +127,7 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
             final String path,
             final Digest hash,
             final String description,
-            final ImaBlacklistBaseline baseline
+            final ImaBlacklistBaseline baseline) {
-    ) {
         super(path, hash, description);
         if (path == null && hash == null) {
             throw new IllegalArgumentException("Cannot instantiate with both a null path and hash");
@@ -171,13 +172,13 @@ public class ImaBlacklistRecord extends AbstractImaBaselineRecord {
      *
      * @return the alert match type
      */
-    public Alert.AlertType getAlertMatchType() {
+    public AlertType getAlertMatchType() {
         if (getPath() == null) {
-            return Alert.AlertType.IMA_BLACKLIST_HASH_MATCH;
+            return AlertType.IMA_BLACKLIST_HASH_MATCH;
         } else if (getHash() == null) {
-            return Alert.AlertType.IMA_BLACKLIST_PATH_MATCH;
+            return AlertType.IMA_BLACKLIST_PATH_MATCH;
         } else {
-            return Alert.AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH;
+            return AlertType.IMA_BLACKLIST_PATH_AND_HASH_MATCH;
         }
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/ImaIgnoreSetRecord.java

@@ -5,6 +5,8 @@
  */
 package hirs.data.persist;
 
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.AbstractImaBaselineRecord;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.JoinColumn;

HIRS_Utils/src/main/java/hirs/data/persist/OptionalDigest.java

@@ -1,5 +1,6 @@
 package hirs.data.persist;
 
+import hirs.data.persist.enums.DigestAlgorithm;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
 import javax.persistence.Column;

HIRS_Utils/src/main/java/hirs/data/persist/ReferenceManifest.java

@@ -89,6 +89,12 @@ public class ReferenceManifest extends ArchivableEntity {
         public Selector(final ReferenceManifestManager referenceManifestManager) {
             super(referenceManifestManager);
         }
+
+        /**
+         * Specify a manufacturer that certificates must have to be considered as matching.
+         * @param rimType the manufacturer to query, not empty or null
+         * @return this instance (for chaining further calls)
+         */
     }
 
     @Column
@@ -303,9 +309,10 @@ public class ReferenceManifest extends ArchivableEntity {
         if (rimBytes != null && elementName != null) {
             try {
                 SoftwareIdentity si = validateSwidTag(new ByteArrayInputStream(this.rimBytes));
+                JAXBElement element;
                 for (Object object : si.getEntityOrEvidenceOrLink()) {
                     if (object instanceof JAXBElement) {
-                        JAXBElement element = (JAXBElement) object;
+                        element = (JAXBElement) object;
                         if (element.getName().getLocalPart().equals(elementName)) {
                             // found the element
                             baseElement = (BaseElement) element.getValue();
@@ -407,11 +414,11 @@ public class ReferenceManifest extends ArchivableEntity {
                             for (FilesystemItem fsi : directory.getDirectoryOrFile()) {
                                 if (fsi != null) {
                                     resources.add(new SwidResource(
-                                            (hirs.utils.xjc.File) fsi));
+                                            (hirs.utils.xjc.File) fsi, null));
                                 }
                             }
                         } else if (meta instanceof hirs.utils.xjc.File) {
-                            resources.add(new SwidResource((hirs.utils.xjc.File) meta));
+                            resources.add(new SwidResource((hirs.utils.xjc.File) meta, null));
                         }
                     }
                 }
@@ -429,13 +436,13 @@ public class ReferenceManifest extends ArchivableEntity {
      * This method unmarshalls the swidtag found at [path] and validates it
      * according to the schema.
      *
-     * @param path to the input swidtag
+     * @param stream to the input swidtag
      * @return the SoftwareIdentity element at the root of the swidtag
      * @throws IOException if the swidtag cannot be unmarshalled or validated
      */
     private JAXBElement unmarshallSwidTag(final InputStream stream) throws IOException {
         JAXBElement jaxbe = null;
-        Schema schema = null;
+        Schema schema;
 
         try {
             schema = DBReferenceManifestManager.getSchemaObject();

HIRS_Utils/src/main/java/hirs/data/persist/SwidResource.java

@@ -1,14 +1,28 @@
 package hirs.data.persist;
 
 import com.google.common.base.Preconditions;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.tpm.eventlog.TCGEventLog;
 import hirs.utils.xjc.File;
+import java.io.IOException;
 import java.util.Map;
 import java.util.List;
 import java.util.LinkedHashMap;
 import java.util.Collections;
 import java.math.BigInteger;
+import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.text.DecimalFormat;
+import java.util.Arrays;
 import javax.xml.namespace.QName;
+import org.apache.commons.codec.DecoderException;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 /**
  * This object is used to represent the content of a Swid Tags Directory
@@ -16,6 +30,8 @@ import javax.xml.namespace.QName;
  */
 public class SwidResource {
 
+    private static final Logger LOGGER = LogManager.getLogger(SwidResource.class);
+
     private static final String CATALINA_HOME = System.getProperty("catalina.base");
     private static final String TOMCAT_UPLOAD_DIRECTORY
             = "/webapps/HIRS_AttestationCAPortal/upload/";
@@ -30,6 +46,8 @@ public class SwidResource {
 
     private String rimFormat, rimType, rimUriGlobal, hashValue;
     private List<String> pcrValues;
+    private TpmWhiteListBaseline tpmWhiteList;
+    private DigestAlgorithm digest = DigestAlgorithm.SHA1;
 
     /**
      * Default constructor.
@@ -46,15 +64,17 @@ public class SwidResource {
 
     /**
      * The main constructor that processes a {@code hirs.utils.xjc.File}.
+     *
      * @param file {@link hirs.utils.xjc.File}
+     * @param digest algorithm associated with pcr values
      */
-    public SwidResource(final File file) {
+    public SwidResource(final File file, final DigestAlgorithm digest) {
         Preconditions.checkArgument(file != null,
                 "Cannot construct a RIM Resource from a null File object");
 
         this.name = file.getName();
         // at this time, there is a possibility to get an object with
-        // not size even though it is required.
+        // no size even though it is required.
         if (file.getSize() != null) {
             this.size = file.getSize().toString();
         } else {
@@ -79,10 +99,30 @@ public class SwidResource {
                 default:
             }
         }
+
+        this.digest = digest;
+        parsePcrValues();
+        tpmWhiteList = new TpmWhiteListBaseline(this.name);
+        if (!pcrValues.isEmpty()) {
+            int i = 0;
+            for (String pcr : pcrValues) {
+                if (this.digest == null) {
+                    // determine by length of pcr value
+                    this.digest = AbstractDigest.getDigestAlgorithm(pcr);
+                }
+                try {
+                    tpmWhiteList.addToBaseline(
+                            new TPMMeasurementRecord(i++, pcr));
+                } catch (DecoderException deEx) {
+                    LOGGER.error(deEx);
+                }
+            }
+        }
     }
 
     /**
      * Getter for the file name.
+     *
      * @return string of the file name
      */
     public String getName() {
@@ -91,6 +131,7 @@ public class SwidResource {
 
     /**
      * Getter for the file size.
+     *
      * @return string of the file size.
      */
     public String getSize() {
@@ -99,6 +140,7 @@ public class SwidResource {
 
     /**
      * Getter for the RIM format for the resource.
+     *
      * @return string of the format
      */
     public String getRimFormat() {
@@ -107,6 +149,7 @@ public class SwidResource {
 
     /**
      * Getter for the RIM resource type.
+     *
      * @return string of the resource type.
      */
     public String getRimType() {
@@ -115,6 +158,7 @@ public class SwidResource {
 
     /**
      * Getter for the RIM Global URI.
+     *
      * @return string of the URI
      */
     public String getRimUriGlobal() {
@@ -122,7 +166,8 @@ public class SwidResource {
     }
 
     /**
-     * Getter for the associated Hash.
+     * Getter for the associated Hash of the file.
+     *
      * @return string of the hash
      */
     public String getHashValue() {
@@ -131,6 +176,7 @@ public class SwidResource {
 
     /**
      * Getter for the list of PCR Values.
+     *
      * @return an unmodifiable list
      */
     public List<String> getPcrValues() {
@@ -139,6 +185,7 @@ public class SwidResource {
 
     /**
      * Setter for the list of associated PCR Values.
+     *
      * @param pcrValues a collection of PCRs
      */
     public void setPcrValues(final List<String> pcrValues) {
@@ -147,6 +194,7 @@ public class SwidResource {
 
     /**
      * Getter for a generated map of the PCR values.
+     *
      * @return mapping of PCR# to the actual value.
      */
     public LinkedHashMap<String, String> getPcrMap() {
@@ -164,4 +212,33 @@ public class SwidResource {
 
         return innerMap;
     }
+
+    /**
+     *
+     */
+    private void parsePcrValues() {
+        TCGEventLog logProcessor = new TCGEventLog();
+
+        try {
+            Path logPath = Paths.get(String.format("%s/%s",
+                    SwidResource.RESOURCE_UPLOAD_FOLDER,
+                    this.getName()));
+            if (Files.exists(logPath)) {
+                logProcessor = new TCGEventLog(
+                        Files.readAllBytes(logPath));
+            }
+            this.setPcrValues(Arrays.asList(
+                        logProcessor.getExpectedPCRValues()));
+        } catch (NoSuchFileException nsfEx) {
+            LOGGER.error(String.format("File Not found!: %s",
+                    this.getName()));
+            LOGGER.error(nsfEx);
+        } catch (IOException ioEx) {
+            LOGGER.error(ioEx);
+        } catch (CertificateException cEx) {
+            LOGGER.error(cEx);
+        } catch (NoSuchAlgorithmException naEx) {
+            LOGGER.error(naEx);
+        }
+    }
 }

HIRS_Utils/src/main/java/hirs/data/persist/TPMMeasurementRecord.java

@@ -10,6 +10,8 @@ import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
 
 /**
  * Class represents a Trusted Platform Module (TPM) Platform Configuration
@@ -43,15 +45,13 @@ public final class TPMMeasurementRecord extends ExaminableRecord {
     private final Digest hash;
 
     /**
-     * Constructor initializes values associated with PCRMeasurementRecord.
+     * Constructor initializes values associated with TPMMeasurementRecord.
      *
-     * @param pcrId
+     * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
-     *            is the TPM PCR index. pcrId must be between 0 and 23.
      * @param hash
      *            represents the measurement digest found at the particular PCR
      *            index.
-     * @throws IllegalArgumentException
+     * @throws IllegalArgumentException if pcrId is not valid
-     *             if digest algorithm is not SHA-1
      */
     public TPMMeasurementRecord(final int pcrId, final Digest hash)
             throws IllegalArgumentException {
@@ -66,6 +66,30 @@ public final class TPMMeasurementRecord extends ExaminableRecord {
         this.hash = hash;
     }
 
+    /**
+     * Constructor initializes values associated with TPMMeasurementRecord.
+     *
+     * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
+     * @param hash represents the measurement digest found at the particular PCR
+     *            index.
+     * @throws DecoderException if there is a decode issue with string hex.
+     */
+    public TPMMeasurementRecord(final int pcrId, final String hash)
+            throws DecoderException {
+        this(pcrId, new Digest(Hex.decodeHex(hash.toCharArray())));
+    }
+
+    /**
+     * Constructor initializes values associated with TPMMeasurementRecord.
+     *
+     * @param pcrId is the TPM PCR index. pcrId must be between 0 and 23.
+     * @param hash represents the measurement digest found at the particular PCR
+     *            index.
+     */
+    public TPMMeasurementRecord(final int pcrId, final byte[] hash) {
+        this(pcrId, new Digest(hash));
+    }
+
     /**
      * Helper method to determine if a PCR ID number is valid.
      *

HIRS_Utils/src/main/java/hirs/data/persist/TPMPolicy.java

@@ -1,5 +1,10 @@
 package hirs.data.persist;
 
+import hirs.data.persist.baseline.TpmBlackListBaseline;
+import hirs.data.persist.baseline.TpmWhiteListBaseline;
+import hirs.data.persist.baseline.HasBaselines;
+import hirs.data.persist.baseline.Baseline;
+import hirs.data.persist.enums.AlertSeverity;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -73,7 +78,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
 
     @Column(nullable = false)
     @Enumerated(EnumType.STRING)
-    private Alert.Severity kernelUpdateAlertSeverity = Alert.Severity.UNSPECIFIED;
+    private AlertSeverity kernelUpdateAlertSeverity = AlertSeverity.UNSPECIFIED;
 
     @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name = "TPMWhiteListBaselines",
@@ -550,7 +555,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
      * Gets the severity of kernel update alerts.
      * @return the severity
      */
-    public Alert.Severity getKernelUpdateAlertSeverity() {
+    public AlertSeverity getKernelUpdateAlertSeverity() {
         return kernelUpdateAlertSeverity;
     }
 
@@ -558,7 +563,7 @@ public final class TPMPolicy extends Policy implements HasBaselines {
      * Sets the severity of kernel update alerts.
      * @param severity The desired severity of kernel update alerts.
      */
-    public void setKernelUpdateAlertSeverity(final Alert.Severity severity) {
+    public void setKernelUpdateAlertSeverity(final AlertSeverity severity) {
         kernelUpdateAlertSeverity = severity;
     }
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/AbstractImaBaselineRecord.java

@@ -1,5 +1,8 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
+import hirs.data.persist.Digest;
+import hirs.data.persist.enums.DigestAlgorithm;
+import hirs.data.persist.OptionalDigest;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -70,7 +73,7 @@ public abstract class AbstractImaBaselineRecord {
      * @throws IllegalArgumentException
      *             if digest algorithm is not SHA-1
      */
-    AbstractImaBaselineRecord(final String path, final Digest hash, final String description)
+    public AbstractImaBaselineRecord(final String path, final Digest hash, final String description)
             throws IllegalArgumentException {
         if (hash != null && hash.getAlgorithm() != DigestAlgorithm.SHA1) {
             throw new IllegalArgumentException("Hash algorithm is not SHA-1");

HIRS_Utils/src/main/java/hirs/data/persist/baseline/Baseline.java

@@ -1,5 +1,7 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
+import hirs.data.persist.UserDefinedEntity;
+import hirs.data.persist.enums.AlertSeverity;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
 import javax.persistence.Column;
@@ -29,7 +31,7 @@ public abstract class Baseline extends UserDefinedEntity {
 
     @Column(nullable = false, name = "severity")
     @Enumerated(EnumType.STRING)
-    private Alert.Severity severity = Alert.Severity.UNSPECIFIED;
+    private AlertSeverity severity = AlertSeverity.UNSPECIFIED;
 
     @Column(nullable = false)
     private String type;
@@ -67,7 +69,7 @@ public abstract class Baseline extends UserDefinedEntity {
      * Gets the baseline severity.
      * @return the severity
      */
-    public Alert.Severity getSeverity() {
+    public AlertSeverity getSeverity() {
         return severity;
     }
 
@@ -75,7 +77,7 @@ public abstract class Baseline extends UserDefinedEntity {
      * Sets the severity of alerts raised by this baseline.
      * @param severity The desired severity of alerts raised by this baseline
      */
-    public void setSeverity(final Alert.Severity severity) {
+    public void setSeverity(final AlertSeverity severity) {
         this.severity = severity;
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/baseline/BroadRepoImaBaseline.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import hirs.persist.RepositoryManager;
 import hirs.repository.Repository;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/HasBaselines.java

@@ -1,9 +1,4 @@
-/*
+package hirs.data.persist.baseline;
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package hirs.data.persist;
 
 import java.util.List;
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/IMABaselineRecord.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -13,6 +13,7 @@ import javax.persistence.Table;
 import javax.persistence.Transient;
 
 import com.google.common.base.Preconditions;
+import hirs.data.persist.Digest;
 
 /**
  * An <code>IMABaselineRecord</code> represents a single entry in an

HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaAcceptableRecordBaseline.java

@@ -1,6 +1,8 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.persist.ImaBaselineRecordManager;
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBaseline.java

@@ -1,5 +1,7 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.persist.ImaBaselineRecordManager;
 import org.hibernate.annotations.Type;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaBlacklistBaseline.java

@@ -1,7 +1,10 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.google.common.base.Preconditions;
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
+import hirs.data.persist.ImaBlacklistRecord;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.ima.matching.ImaBlacklistRecordMatcher;
 import hirs.persist.ImaBaselineRecordManager;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/ImaIgnoreSetBaseline.java

@@ -3,11 +3,14 @@
  * To change this template file, choose Tools | Templates
  * and open the template in the editor.
  */
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
 import com.google.common.base.Preconditions;
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
+import hirs.data.persist.ImaIgnoreSetRecord;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.ima.matching.ImaIgnoreSetRecordMatcher;
 import hirs.persist.ImaBaselineRecordManager;
@@ -202,7 +205,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline<ImaIgnoreSetRecord> {
      * @return
      *      returns true is the record was added to the list, false if not
      */
-    final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) {
+    public final synchronized boolean addOnlyToBaseline(final ImaIgnoreSetRecord record) {
         if (record == null) {
             LOGGER.error("invalid parameter (NULL value) "
                     + "passed to ImaIgnoreSetBaseline.addOnlyToBaseline");
@@ -227,7 +230,7 @@ public class ImaIgnoreSetBaseline extends ImaBaseline<ImaIgnoreSetRecord> {
      *            record to remove
      * @return a boolean indicating if the removal was successful
      */
-    final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) {
+    public final boolean removeOnlyBaseline(final ImaIgnoreSetRecord record) {
         return imaIgnoreSetRecords.remove(record);
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/baseline/QueryableRecordImaBaseline.java

@@ -1,6 +1,9 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.google.common.base.Preconditions;
+import hirs.data.persist.Digest;
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.ima.matching.IMAMatchStatus;
 import hirs.ima.matching.ImaAcceptableHashRecordMatcher;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/SimpleImaBaseline.java

@@ -1,7 +1,9 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.google.common.base.Preconditions;
+import hirs.data.persist.IMAMeasurementRecord;
+import hirs.data.persist.IMAPolicy;
 import hirs.ima.matching.BatchImaMatchStatus;
 import hirs.ima.matching.ImaAcceptableHashRecordMatcher;
 import hirs.ima.matching.ImaAcceptablePathAndHashRecordMatcher;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/TPMBaseline.java

@@ -1,5 +1,13 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
+import hirs.data.persist.DeviceInfoReport;
+import hirs.data.persist.Digest;
+import hirs.data.persist.info.FirmwareInfo;
+import hirs.data.persist.info.HardwareInfo;
+import hirs.data.persist.info.OSInfo;
+import hirs.data.persist.info.TPMInfo;
+import hirs.data.persist.TPMMeasurementRecord;
+import hirs.data.persist.info.RIMInfo;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -23,14 +31,12 @@ import java.util.Set;
 public abstract class TPMBaseline extends Baseline {
 
     private static final Logger LOGGER = LogManager.getLogger(TPMBaseline.class);
-    private static final String NOT_SPECIFIED = "Not Specified";
 
     @ElementCollection(fetch = FetchType.EAGER)
     @CollectionTable(name = "TPMBaselineRecords",
         joinColumns = { @JoinColumn(name = "BaselineID", nullable = false) })
     private final Set<TPMMeasurementRecord> pcrRecords = new LinkedHashSet<>();
 
-
     @Embedded
     private FirmwareInfo firmwareInfo;
 
@@ -43,6 +49,8 @@ public abstract class TPMBaseline extends Baseline {
     @Embedded
     private TPMInfo tpmInfo;
 
+    @Embedded
+    private RIMInfo rimInfo;
 
     /**
      * Creates a new <code>TPMBaseline</code> with no valid PCR entries and no device-specific PCRs.
@@ -63,48 +71,14 @@ public abstract class TPMBaseline extends Baseline {
         initDeviceInfo();
     }
 
-
-
     private void initDeviceInfo() {
-        initFirmwareInfo();
-        initHardwareInfo();
-        initOSInfo();
-        initTPMInfo();
-    }
-
-    /**
-     * Creates default FirmwareInfo object.
-     */
-    private void initFirmwareInfo() {
         firmwareInfo = new FirmwareInfo();
+        hardwareInfo = new HardwareInfo();
+        osInfo = new OSInfo();
+        tpmInfo = new TPMInfo();
+        rimInfo = new RIMInfo();
     }
 
-
-    /**
-     * Creates default HardwareInfo object.
-     */
-    private void initHardwareInfo() {
-        hardwareInfo =
-                new HardwareInfo();
-    }
-
-    /**
-     * Creates default OSInfo object.
-     */
-    private void initOSInfo() {
-        osInfo =
-                new OSInfo();
-    }
-
-    /**
-     * Creates default TPMInfo object.
-     */
-    private void initTPMInfo() {
-        tpmInfo =
-                new TPMInfo();
-    }
-
-
     /**
      * Retrieves the FirmwareInfo for this <code>TPMBaseline</code>.
      * @return FirmwareInfo
@@ -115,7 +89,7 @@ public abstract class TPMBaseline extends Baseline {
 
     /**
      * Retrieves the HardwareInfo for this <code>TPMBaseline</code>.
-     * @return FirmwareInfo
+     * @return HardwareInfo
      */
     public final HardwareInfo getHardwareInfo() {
         return hardwareInfo;
@@ -123,7 +97,7 @@ public abstract class TPMBaseline extends Baseline {
 
     /**
      * Retrieves the OSInfo for this <code>TPMBaseline</code>.
-     * @return FirmwareInfo
+     * @return OSInfo
      */
     public final OSInfo getOSInfo() {
         return osInfo;
@@ -131,12 +105,20 @@ public abstract class TPMBaseline extends Baseline {
 
     /**
      * Retrieves the TPMInfo for this <code>TPMBaseline</code>.
-     * @return FirmwareInfo
+     * @return TPMInfo
      */
     public final TPMInfo getTPMInfo() {
         return tpmInfo;
     }
 
+    /**
+     * Retrieves the RIMInfo for this <code>TPMBaseline</code>.
+     * @return an instance of RIMInfo
+     */
+    public final RIMInfo getRIMInfo() {
+        return rimInfo;
+    }
+
     /**
      * Copy the Firmware data from another object.  If null, the default
      * FirmwareInfo data will be used.
@@ -144,7 +126,7 @@ public abstract class TPMBaseline extends Baseline {
      */
     public final void setFirmwareInfo(final FirmwareInfo firmwareInfo) {
         if (firmwareInfo == null) {
-            initFirmwareInfo();
+            this.firmwareInfo = new FirmwareInfo();
         } else {
             this.firmwareInfo = firmwareInfo;
         }
@@ -157,7 +139,7 @@ public abstract class TPMBaseline extends Baseline {
      */
     public final void setHardwareInfo(final HardwareInfo hardwareInfo) {
         if (hardwareInfo == null) {
-            initHardwareInfo();
+            this.hardwareInfo = new HardwareInfo();
         } else {
             this.hardwareInfo = hardwareInfo;
         }
@@ -170,7 +152,7 @@ public abstract class TPMBaseline extends Baseline {
      */
     public final void setOSInfo(final OSInfo osInfo) {
         if (osInfo == null) {
-            initOSInfo();
+            this.osInfo = new OSInfo();
         } else {
             this.osInfo = osInfo;
         }
@@ -183,7 +165,7 @@ public abstract class TPMBaseline extends Baseline {
      */
     public final void setTPMInfo(final TPMInfo tpmInfo) {
         if (tpmInfo == null) {
-            initTPMInfo();
+            this.tpmInfo = new TPMInfo();
         } else {
             this.tpmInfo = tpmInfo;
         }
@@ -227,9 +209,6 @@ public abstract class TPMBaseline extends Baseline {
      * @return true if measurement record is found in list, otherwise false
      */
     public final boolean isInBaseline(final TPMMeasurementRecord record) {
-        if (record == null) {
-            return false;
-        }
         return pcrRecords.contains(record);
     }
 
@@ -244,7 +223,7 @@ public abstract class TPMBaseline extends Baseline {
         LOGGER.debug("adding record {} to baseline {}", record, getName());
         if (record == null) {
             LOGGER.error("null record");
-            throw new NullPointerException("record");
+            throw new NullPointerException("TPMMeasurementRecord");
         }
 
         if (pcrRecords.contains(record)) {
@@ -268,7 +247,7 @@ public abstract class TPMBaseline extends Baseline {
     public final boolean removeFromBaseline(final TPMMeasurementRecord record) {
         LOGGER.debug("removing record {} from baseline {}", record, getName());
         if (record == null) {
-            LOGGER.error("null record");
+            LOGGER.error("null record can not be removed");
             return false;
         }
 
@@ -283,25 +262,27 @@ public abstract class TPMBaseline extends Baseline {
      */
     public boolean isEmpty() {
         LOGGER.debug("Check for empty baseline");
-        return (firmwareInfo.getBiosReleaseDate().equals(NOT_SPECIFIED)
+        return (firmwareInfo.getBiosReleaseDate().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && firmwareInfo.getBiosVendor().equals(NOT_SPECIFIED)
+                && firmwareInfo.getBiosVendor().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && firmwareInfo.getBiosVersion().equals(NOT_SPECIFIED)
+                && firmwareInfo.getBiosVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getBaseboardSerialNumber().equals(NOT_SPECIFIED)
+                && hardwareInfo.getBaseboardSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getChassisSerialNumber().equals(NOT_SPECIFIED)
+                && hardwareInfo.getChassisSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getManufacturer().equals(NOT_SPECIFIED)
+                && hardwareInfo.getManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getProductName().equals(NOT_SPECIFIED)
+                && hardwareInfo.getProductName().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getSystemSerialNumber().equals(NOT_SPECIFIED)
+                && hardwareInfo.getSystemSerialNumber().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && hardwareInfo.getVersion().equals(NOT_SPECIFIED)
+                && hardwareInfo.getVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && osInfo.getDistribution().equals(NOT_SPECIFIED)
+                && osInfo.getDistribution().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && osInfo.getDistributionRelease().equals(NOT_SPECIFIED)
+                && osInfo.getDistributionRelease().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && osInfo.getOSArch().equals(NOT_SPECIFIED)
+                && osInfo.getOSArch().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && osInfo.getOSName().equals(NOT_SPECIFIED)
+                && osInfo.getOSName().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && osInfo.getOSVersion().equals(NOT_SPECIFIED)
+                && osInfo.getOSVersion().equals(DeviceInfoReport.NOT_SPECIFIED)
-                && tpmInfo.getTPMMake().equals(NOT_SPECIFIED)
+                && tpmInfo.getTPMMake().equals(DeviceInfoReport.NOT_SPECIFIED)
                 && tpmInfo.getTPMVersionMajor() == 0
                 && tpmInfo.getTPMVersionMinor() == 0
                 && tpmInfo.getTPMVersionRevMajor() == 0
                 && tpmInfo.getTPMVersionRevMinor() == 0
+                && rimInfo.getRimManufacturer().equals(DeviceInfoReport.NOT_SPECIFIED)
+                && rimInfo.getModel().equals(DeviceInfoReport.NOT_SPECIFIED)
                 && pcrRecords.isEmpty());
     }
 }

HIRS_Utils/src/main/java/hirs/data/persist/baseline/TargetedRepoImaBaseline.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;

HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmBlackListBaseline.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import javax.persistence.Entity;
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/TpmWhiteListBaseline.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import javax.persistence.Entity;
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/UpdatableImaBaseline.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.baseline;
 
 import hirs.persist.RepositoryManager;
 

HIRS_Utils/src/main/java/hirs/data/persist/baseline/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * This package contains a set of classes for accessing baseline code.
+ */
+package hirs.data.persist.baseline;

HIRS_Utils/src/main/java/hirs/data/persist/certificate/EndorsementCredential.java

@@ -314,9 +314,10 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             asn1In = new ASN1InputStream(ec.getEncoded());
 
             ASN1Primitive obj = asn1In.readObject();
+            ASN1Sequence seq;
 
             while (obj != null) {
-                ASN1Sequence seq = ASN1Sequence.getInstance(obj);
+                seq = ASN1Sequence.getInstance(obj);
                 parseSequence(seq, false, null);
                 obj = asn1In.readObject();
             }
@@ -328,10 +329,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             }
         }
 
+        String oid;
+        Object value;
         // unpack fields from parsedFields and set field values
         for (Map.Entry<String, Object> entry : parsedFields.entrySet()) {
-            String oid = entry.getKey();
+            oid = entry.getKey();
-            Object value = entry.getValue();
+            value = entry.getValue();
             if (oid.equals(TPM_MODEL)) {
                 model = value.toString();
                 LOGGER.debug("Found TPM Model: " + model);
@@ -415,10 +418,12 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
 
             LOGGER.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString());
             // Iterate through remaining fields to set optional attributes
+            int tag;
+            DERTaggedObject obj;
             for (int i = seqPosition; i < seq.size(); i++) {
                 if (seq.getObjectAt(i) instanceof DERTaggedObject) {
-                    DERTaggedObject obj = (DERTaggedObject) seq.getObjectAt(i);
+                    obj = (DERTaggedObject) seq.getObjectAt(i);
-                    int tag = obj.getTagNo();
+                    tag = obj.getTagNo();
                     if (tag == EK_TYPE_TAG) {
                         int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue();
                         if (ekGenTypeVal >= EK_TYPE_VAL_MIN && ekGenTypeVal <= EK_TYPE_VAL_MAX) {
@@ -523,8 +528,9 @@ public class EndorsementCredential extends DeviceAssociatedCertificate {
             // parseSequences in the future
             ASN1Set set = (ASN1Set) component;
             Enumeration setContents = set.getObjects();
+            ASN1Encodable subComp;
             while (setContents.hasMoreElements()) {
-                ASN1Encodable subComp = (ASN1Encodable) setContents.nextElement();
+                subComp = (ASN1Encodable) setContents.nextElement();
                 if (subComp instanceof ASN1ObjectIdentifier) {
                     LOGGER.warn("OID in top level of ASN1Set");
                 }

HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSeverity.java

@@ -0,0 +1,65 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'severity' of the <code>Alert</code>, which is a string enumeration
+ * representing the predicted importance of the problem identified.
+ *
+ * A constructor with the enum is used to set a criticality number for each
+ * severity level. Severity levels can be compared against each other by using
+ * the getCriticality method.
+ *
+ */
+@XmlType(name = "AlertSeverity")
+public enum AlertSeverity {
+
+    /**
+     * Used for situations where Severity remains to be implemented or the exact
+     * level has not been determined for a specific use case.
+     */
+    UNSPECIFIED(5),
+    /**
+     * Equivalent to "Ignore" or "Quiet". This is not used for general logging,
+     * but for Alert level messages that, in specific cases, are not applicable
+     * or can be or need to be ignored.
+     */
+    INFO(10),
+    /**
+     * Applies to a non-system critical file or condition.
+     */
+    LOW(15),
+    /**
+     * Involves a stable or system-critical file or a stable PCR value.
+     */
+    HIGH(25),
+    /**
+     * Equivalent to "Fatal". Involves Alerts so clearly indicative of malicious
+     * intent that an automated response, such as network disconnection, is
+     * warranted.
+     */
+    SEVERE(30);
+
+    /**
+     * Criticality number assigned to a severity level.
+     */
+    private int criticality;
+
+    /**
+     * Constructor used to set the criticality level.
+     *
+     * @param c criticality level
+     */
+    AlertSeverity(final int c) {
+        criticality = c;
+    }
+
+    /**
+     * Return criticality level assigned to severity level.
+     *
+     * @return criticality level
+     */
+    public int getCriticality() {
+        return criticality;
+    }
+}

HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertSource.java

@@ -0,0 +1,43 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'source' of the <code>Alert</code>, which is a string enumeration
+ * representing the component within the HIRS system that caused the
+ * <code>Alert</code> to be generated. For example, if a record mismatch is
+ * detected by the <code>IMAAppraiser</code>, the source of the
+ * <code>Alert</code> will be "IMAAppraiser". In some cases the class name may
+ * be used, and in other cases a more abstract name may be used to provide
+ * clarity to the user, such as the <code>REPORT_PROCESSOR</code> type, which
+ * can come from the <code>SOAPMessageProcessor</code>, the
+ * <code>SOAPReportProcessor</code>, or the <code>HIRSAppraiser</code>.
+ */
+@XmlType(name = "AlertSource")
+public enum AlertSource {
+
+    /**
+     * The alerts generated from an unspecified source.
+     */
+    UNSPECIFIED,
+    /**
+     * Alerts generated within <code>SOAPMessageProcessor</code>,
+     * <code>SOAPReportProcessor</code>, or <code>HIRSAppraiser</code> will all
+     * use the same source. This makes sense right now because those Alerts will
+     * all be related to <code>Report</code>s that do not match the expected
+     * format.
+     */
+    REPORT_PROCESSOR,
+    /**
+     * Alerts generated within the <code>IMAAppraiser</code>.
+     */
+    IMA_APPRAISER,
+    /**
+     * Alerts generated within the <code>TPMAppraiser</code>.
+     */
+    TPM_APPRAISER,
+    /**
+     * Alerts generated within <code>OnDemandReportRequestManager</code>.
+     */
+    REPORT_REQUESTOR
+}

HIRS_Utils/src/main/java/hirs/data/persist/enums/AlertType.java

@@ -0,0 +1,110 @@
+package hirs.data.persist.enums;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The 'type' of the Alert, which is the category of problem identified by the
+ * 'source'.
+ */
+@XmlType(name = "AlertType")
+public enum AlertType {
+
+    /**
+     * The alert type has not been specified.
+     */
+    UNSPECIFIED,
+    /**
+     * The <code>Report</code> does not contain the necessary elements or it
+     * contains certain unnecessary elements.
+     */
+    MALFORMED_REPORT,
+    /**
+     * The <code>Report</code> does not contain the correct
+     * <code>TPMMeasurementRecord</code>s or the PCR values are not correct.
+     */
+    WHITE_LIST_PCR_MISMATCH,
+    /**
+     * The <code>Report</code> contains a <code>TPMMeasurementRecord</code>
+     * matching a TPM BlackList.
+     */
+    BLACK_LIST_PCR_MATCH,
+    /**
+     * The <code>TPMReport</code> does not contain a valid nonce.
+     */
+    INVALID_NONCE,
+    /**
+     * The <code>TPMReport</code> does not contain a valid TPM Quote (PCR
+     * Digest).
+     */
+    INVALID_TPM_QUOTE,
+    /**
+     * The <code>TPMReport</code> does not contain a valid signature.
+     */
+    INVALID_SIGNATURE,
+    /**
+     * The <code>TPMReport</code> does not contain a valid certificate.
+     */
+    INVALID_CERTIFICATE,
+    /**
+     * The <code>IMAReport</code> contains a whitelist hash mismatch.
+     */
+    WHITELIST_MISMATCH,
+    /**
+     * The <code>IMAReport</code> contains a required set hash mismatch.
+     */
+    REQUIRED_SET_MISMATCH,
+    /**
+     * The <code>Report</code> is missing a required record.
+     */
+    MISSING_RECORD,
+    /**
+     * The <code>IMAReport</code> contains an unknown filepath.
+     */
+    UNKNOWN_FILE,
+    /**
+     * The client's <code>ReportRequest</code> query messages missing.
+     */
+    REPORT_REQUESTS_MISSING,
+    /**
+     * Client periodic <code>IntegrityReport</code> missing.
+     */
+    PERIODIC_REPORT_MISSING,
+    /**
+     * On-demand <code>IntegrityReport</code> missing.
+     */
+    ON_DEMAND_REPORT_MISSING,
+    /**
+     * The client sent a report that indicates IMA was not enabled correctly.
+     */
+    IMA_MISCONFIGURED,
+    /**
+     * PCR mismatches and device info changes indicated a kernel update.
+     */
+    KERNEL_UPDATE_DETECTED,
+    /**
+     * The <code>Report</code> does not contain the correct
+     * <code>TPMMeasurementRecord</code>s associated with IMA measurements.
+     */
+    IMA_PCR_MISMATCH,
+    /**
+     * Indicates an IMA measurement had a path which matched an entry in a
+     * blacklist baseline.
+     */
+    IMA_BLACKLIST_PATH_MATCH,
+    /**
+     * Indicates an IMA measurement had a hash which matched an entry in a
+     * blacklist baseline.
+     */
+    IMA_BLACKLIST_HASH_MATCH,
+    /**
+     * Indicates an IMA measurement had both a path and hash which matched an
+     * entry in a blacklist baseline.
+     */
+    IMA_BLACKLIST_PATH_AND_HASH_MATCH,
+    /**
+     * Indicates an IMA measurement had a path that matched an entry in a
+     * blacklist baseline, and also had a hash that matched another entry in the
+     * same (or another) baseline.
+     */
+    IMA_BLACKLIST_MIXED_MATCH
+}

HIRS_Utils/src/main/java/hirs/data/persist/enums/CertificateValidationStatus.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * Enum used to represent certificate validation status.

HIRS_Utils/src/main/java/hirs/data/persist/enums/ComponentType.java

@@ -0,0 +1,88 @@
+package hirs.data.persist.enums;
+
+/**
+ * Identifies the type of component.
+ */
+public enum ComponentType {
+
+    /**
+     * Baseboard.
+     */
+    BASEBOARD(Values.BASEBOARD),
+    /**
+     * BIOS or UEFI.
+     */
+    BIOS_UEFI(Values.BIOS_UEFI),
+    /**
+     * Chassis.
+     */
+    CHASSIS(Values.CHASSIS),
+    /**
+     * Hard Drive.
+     */
+    HARD_DRIVE(Values.HARD_DRIVE),
+    /**
+     * Memory.
+     */
+    MEMORY(Values.MEMORY),
+    /**
+     * Network Interface Card.
+     */
+    NIC(Values.NIC),
+    /**
+     * Processor.
+     */
+    PROCESSOR(Values.PROCESSOR);
+
+    /**
+     * Constructor.
+     *
+     * @param val string value
+     */
+    ComponentType(final String val) {
+        if (!this.name().equals(val)) {
+            throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum");
+        }
+    }
+
+    /**
+     * String values for use in {@link ComponentTypeEnum}.
+     */
+    public static class Values {
+
+        /**
+         * Baseboard.
+         */
+        public static final String BASEBOARD = "BASEBOARD";
+
+        /**
+         * BIOS or UEFI.
+         */
+        public static final String BIOS_UEFI = "BIOS_UEFI";
+
+        /**
+         * Chassis.
+         */
+        public static final String CHASSIS = "CHASSIS";
+
+        /**
+         * Hard Drive.
+         */
+        public static final String HARD_DRIVE = "HARD_DRIVE";
+
+        /**
+         * Memory.
+         */
+        public static final String MEMORY = "MEMORY";
+
+        /**
+         * Network Interface Card.
+         */
+        public static final String NIC = "NIC";
+
+        /**
+         * Processor.
+         */
+        public static final String PROCESSOR = "PROCESSOR";
+    }
+}

HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestAlgorithm.java

@@ -1,4 +1,7 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
+
+import hirs.data.persist.AbstractDigest;
+import hirs.data.persist.DeviceInfoReport;
 
 /**
  * Enum of digest algorithms. The enum values also provide a standardized
@@ -29,7 +32,12 @@ public enum DigestAlgorithm {
     /**
      * SHA-512 digest algorithm.
      */
-    SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH);
+    SHA512("SHA-512", AbstractDigest.SHA512_DIGEST_LENGTH),
+    /**
+     * Condition used when an algorithm is not specified and
+     * the size doesn't match known digests.
+     */
+    UNSPECIFIED(DeviceInfoReport.NOT_SPECIFIED, Integer.BYTES);
 
     private final String standardAlgorithmName;
 
@@ -52,7 +60,7 @@ public enum DigestAlgorithm {
      *
      * @return standard Java algorithm name
      */
-    String getStandardAlgorithmName() {
+    public String getStandardAlgorithmName() {
         return this.standardAlgorithmName;
     }
 

HIRS_Utils/src/main/java/hirs/data/persist/enums/DigestComparisonResultType.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * Enumeration identifying the different outcomes of a comparison between

HIRS_Utils/src/main/java/hirs/data/persist/enums/ExamineState.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * State capturing if a record was examined during appraisal or not.

HIRS_Utils/src/main/java/hirs/data/persist/enums/HealthStatus.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * <code>HealthStatus</code> is used to represent the health of a device.

HIRS_Utils/src/main/java/hirs/data/persist/enums/OSName.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * Enum used to represent operating system names.

HIRS_Utils/src/main/java/hirs/data/persist/enums/PortalScheme.java

@@ -0,0 +1,16 @@
+package hirs.data.persist.enums;
+
+/**
+ * Schemes used by the HIRS Portal.
+ */
+public enum PortalScheme {
+
+    /**
+     * HTTP.
+     */
+    HTTP,
+    /**
+     * HTTPS.
+     */
+    HTTPS;
+}

HIRS_Utils/src/main/java/hirs/data/persist/enums/ReportMatchStatus.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.enums;
 
 /**
  * This enum represents the result of a search for a record in a baseline.
@@ -20,5 +20,4 @@ public enum ReportMatchStatus {
      * Indicates the baseline has no entries matching the file path.
      */
     UNKNOWN
-
 }

HIRS_Utils/src/main/java/hirs/data/persist/enums/package-info.java

@@ -0,0 +1,4 @@
+/**
+ * This package contains a set of classes for accessing enums used by data persist.
+ */
+package hirs.data.persist.enums;

HIRS_Utils/src/main/java/hirs/data/persist/info/BIOSComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold BIOS/UEFI Component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BIOS_UEFI)
+@DiscriminatorValue(value = ComponentType.Values.BIOS_UEFI)
 public class BIOSComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/BaseboardComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold information about baseboard components.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.BASEBOARD)
+@DiscriminatorValue(value = ComponentType.Values.BASEBOARD)
 public class BaseboardComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/ChassisComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold chassis component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.CHASSIS)
+@DiscriminatorValue(value = ComponentType.Values.CHASSIS)
 public class ChassisComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/ComponentInfo.java

@@ -1,4 +1,4 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
 import org.apache.commons.lang3.StringUtils;
 import org.hibernate.annotations.DiscriminatorOptions;
@@ -25,96 +25,6 @@ import java.util.Objects;
 @DiscriminatorOptions(force = true)
 public class ComponentInfo implements Serializable {
 
-    /**
-     * Identifies the type of component.
-     */
-    public enum ComponentTypeEnum {
-        /**
-         * Baseboard.
-         */
-        BASEBOARD(Values.BASEBOARD),
-
-        /**
-         * BIOS or UEFI.
-         */
-        BIOS_UEFI(Values.BIOS_UEFI),
-
-        /**
-         * Chassis.
-         */
-        CHASSIS(Values.CHASSIS),
-
-        /**
-         * Hard Drive.
-         */
-        HARD_DRIVE(Values.HARD_DRIVE),
-
-        /**
-         * Memory.
-         */
-        MEMORY(Values.MEMORY),
-
-        /**
-         * Network Interface Card.
-         */
-        NIC(Values.NIC),
-
-        /**
-         * Processor.
-         */
-        PROCESSOR(Values.PROCESSOR);
-
-        /**
-         * Constructor.
-         * @param val string value
-         */
-        ComponentTypeEnum(final String val) {
-            if (!this.name().equals(val)) {
-                throw new IllegalArgumentException("Incorrect use of ComponentTypeEnum");
-            }
-        }
-
-        /**
-         * String values for use in {@link ComponentTypeEnum}.
-         */
-        public static class Values {
-            /**
-             * Baseboard.
-             */
-            public static final String BASEBOARD = "BASEBOARD";
-
-            /**
-             * BIOS or UEFI.
-             */
-            public static final String BIOS_UEFI = "BIOS_UEFI";
-
-            /**
-             * Chassis.
-             */
-            public static final String CHASSIS = "CHASSIS";
-
-            /**
-             * Hard Drive.
-             */
-            public static final String HARD_DRIVE = "HARD_DRIVE";
-
-            /**
-             * Memory.
-             */
-            public static final String MEMORY = "MEMORY";
-
-            /**
-             * Network Interface Card.
-             */
-            public static final String NIC = "NIC";
-
-            /**
-             * Processor.
-             */
-            public static final String PROCESSOR = "PROCESSOR";
-        }
-    }
-
     @Id
     @Column(name = "componentInfo_id")
     @GeneratedValue(strategy = GenerationType.AUTO)

HIRS_Utils/src/main/java/hirs/data/persist/info/FirmwareInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.DeviceInfoReport;
 import hirs.utils.StringValidator;
 
 import javax.persistence.Column;
@@ -10,19 +11,17 @@ import java.io.Serializable;
  * Used for representing the firmware info of a device, such as the BIOS information.
  */
 public class FirmwareInfo implements Serializable {
-    private static final int SHORT_STRING_LENGTH = 32;
-    private static final int LONG_STRING_LENGTH = 256;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private final String biosVendor;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private final String biosVersion;
 
     @XmlElement
-    @Column(length = SHORT_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false)
     private final String biosReleaseDate;
 
     /**
@@ -35,13 +34,13 @@ public class FirmwareInfo implements Serializable {
     public FirmwareInfo(final String biosVendor, final String biosVersion,
                         final String biosReleaseDate) {
         this.biosVendor = StringValidator.check(biosVendor, "biosVendor")
-                .notBlank().maxLength(LONG_STRING_LENGTH).get();
+                .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
 
         this.biosVersion = StringValidator.check(biosVersion, "biosVersion")
-                .notBlank().maxLength(LONG_STRING_LENGTH).get();
+                .notBlank().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
 
         this.biosReleaseDate = StringValidator.check(biosReleaseDate, "biosReleaseDate")
-                .notBlank().maxLength(SHORT_STRING_LENGTH).get();
+                .notBlank().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
     }
 
     /**

HIRS_Utils/src/main/java/hirs/data/persist/info/HardDriveComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold hard drive component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.HARD_DRIVE)
+@DiscriminatorValue(value = ComponentType.Values.HARD_DRIVE)
 public class HardDriveComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/HardwareInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.DeviceInfoReport;
 import hirs.utils.StringValidator;
 import org.apache.commons.lang3.StringUtils;
 
@@ -14,31 +15,29 @@ import java.util.Objects;
  */
 @Embeddable
 public class HardwareInfo implements Serializable {
-    private static final int SHORT_STRING_LENGTH = 64;
-    private static final int LONG_STRING_LENGTH = 256;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private String manufacturer = DeviceInfoReport.NOT_SPECIFIED;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private String productName = DeviceInfoReport.NOT_SPECIFIED;
 
     @XmlElement
-    @Column(length = SHORT_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
     private String version = DeviceInfoReport.NOT_SPECIFIED;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private String systemSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private String chassisSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private String baseboardSerialNumber = DeviceInfoReport.NOT_SPECIFIED;
 
     /**
@@ -61,33 +60,35 @@ public class HardwareInfo implements Serializable {
     ) {
         if (!StringUtils.isBlank(manufacturer)) {
             this.manufacturer = StringValidator.check(manufacturer, "manufacturer")
-                    .maxLength(LONG_STRING_LENGTH).get();
+                    .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
         }
 
         if (!StringUtils.isBlank(productName)) {
             this.productName = StringValidator.check(productName, "productName")
-                    .maxLength(LONG_STRING_LENGTH).get();
+                    .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
         }
 
         if (!StringUtils.isBlank(version)) {
             this.version = StringValidator.check(version, "version")
-                    .maxLength(SHORT_STRING_LENGTH).get();
+                    .maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
         }
 
         if (!StringUtils.isBlank(systemSerialNumber)) {
             this.systemSerialNumber = StringValidator.check(systemSerialNumber,
-                    "systemSerialNumber").maxLength(LONG_STRING_LENGTH).get();
+                    "systemSerialNumber")
+                    .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
         }
 
         if (!StringUtils.isBlank(chassisSerialNumber)) {
             this.chassisSerialNumber = StringValidator.check(chassisSerialNumber,
-                    "chassisSerialNumber").maxLength(LONG_STRING_LENGTH).get();
+                    "chassisSerialNumber")
+                    .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
         }
 
         if (!StringUtils.isBlank(baseboardSerialNumber)) {
             this.baseboardSerialNumber = StringValidator.check(
-                    baseboardSerialNumber, "baseboardSerialNumber"
+                    baseboardSerialNumber, "baseboardSerialNumber")
-            ).maxLength(LONG_STRING_LENGTH).get();
+                    .maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
         }
     }
 

HIRS_Utils/src/main/java/hirs/data/persist/info/MemoryComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold memory component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.MEMORY)
+@DiscriminatorValue(value = ComponentType.Values.MEMORY)
 public class MemoryComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/NICComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold Network Interface Card (NIC) component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.NIC)
+@DiscriminatorValue(value = ComponentType.Values.NIC)
 public class NICComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/NetworkInfo.java

@@ -1,5 +1,7 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.DeviceInfoReport;
+import hirs.data.persist.InetAddressXmlAdapter;
 import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.Arrays;
@@ -22,19 +24,15 @@ public class NetworkInfo implements Serializable {
     private static final Logger LOGGER = LogManager
             .getLogger(NetworkInfo.class);
 
-    private static final int LONG_STRING_LENGTH = 255;
-    private static final int SHORT_STRING_LENGTH = 32;
     private static final int NUM_MAC_ADDRESS_BYTES = 6;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = true)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = true)
-    @SuppressWarnings("checkstyle:magicnumber")
     private String hostname;
 
     @XmlElement
     @XmlJavaTypeAdapter(value = InetAddressXmlAdapter.class)
-    @SuppressWarnings("checkstyle:magicnumber")
+    @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
-    @Column(length = SHORT_STRING_LENGTH, nullable = true)
     @Type(type = "hirs.data.persist.type.InetAddressType")
     private InetAddress ipAddress;
 

HIRS_Utils/src/main/java/hirs/data/persist/info/OSInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.DeviceInfoReport;
 import hirs.utils.StringValidator;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -15,27 +16,25 @@ import java.io.Serializable;
 @Embeddable
 public class OSInfo implements Serializable {
     private static final Logger LOGGER = LogManager.getLogger(OSInfo.class);
-    private static final int SHORT_STRING_LENGTH = 32;
-    private static final int LONG_STRING_LENGTH = 256;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private final String osName;
 
     @XmlElement
-    @Column(length = LONG_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.LONG_STRING_LENGTH, nullable = false)
     private final String osVersion;
 
     @XmlElement
-    @Column(length = SHORT_STRING_LENGTH, nullable = false)
+    @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = false)
     private final String osArch;
 
     @XmlElement
-    @Column(length = SHORT_STRING_LENGTH, nullable = true)
+    @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
     private final String distribution;
 
     @XmlElement
-    @Column(length = SHORT_STRING_LENGTH, nullable = true)
+    @Column(length = DeviceInfoReport.SHORT_STRING_LENGTH, nullable = true)
     private final String distributionRelease;
 
     /**
@@ -61,24 +60,24 @@ public class OSInfo implements Serializable {
             final String distributionRelease) {
         LOGGER.debug("setting OS name information to: {}", osName);
         this.osName = StringValidator.check(osName, "osName")
-                .notNull().maxLength(LONG_STRING_LENGTH).get();
+                .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
 
         LOGGER.debug("setting OS version information to: {}", osVersion);
         this.osVersion = StringValidator.check(osVersion, "osVersion")
-                .notNull().maxLength(LONG_STRING_LENGTH).get();
+                .notNull().maxLength(DeviceInfoReport.LONG_STRING_LENGTH).get();
 
         LOGGER.debug("setting OS arch information to: {}", osArch);
         this.osArch = StringValidator.check(osArch, "osArch")
-                .notNull().maxLength(SHORT_STRING_LENGTH).get();
+                .notNull().maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
 
         LOGGER.debug("setting OS distribution information to: {}", distribution);
         this.distribution = StringValidator.check(distribution, "distribution")
-                .maxLength(SHORT_STRING_LENGTH).get();
+                .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
 
         LOGGER.debug("setting OS distribution release information to: {}",
                 distributionRelease);
         this.distributionRelease = StringValidator.check(distributionRelease, "distributionRelease")
-                .maxLength(SHORT_STRING_LENGTH).get();
+                .maxLength(DeviceInfoReport.SHORT_STRING_LENGTH).get();
     }
 
     /**

HIRS_Utils/src/main/java/hirs/data/persist/info/PortalInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.PortalScheme;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import javax.persistence.Access;
@@ -18,20 +19,6 @@ import javax.persistence.Table;
 @Table(name = "PortalInfo")
 @Access(AccessType.FIELD)
 public class PortalInfo {
-    /**
-     * Schemes used by the HIRS Portal.
-     */
-    public enum Scheme {
-        /**
-         * HTTP.
-         */
-        HTTP,
-        /**
-         * HTTPS.
-         */
-        HTTPS;
-    }
-
     @Id
     @Column
     @GeneratedValue(strategy = GenerationType.AUTO)
@@ -60,7 +47,7 @@ public class PortalInfo {
      *
      * @param scheme Name of the portal.
      */
-    public final void setSchemeName(final PortalInfo.Scheme scheme) {
+    public final void setSchemeName(final PortalScheme scheme) {
         if (scheme == null) {
             throw new NullPointerException("Scheme cannot be null");
         }

HIRS_Utils/src/main/java/hirs/data/persist/info/ProcessorComponentInfo.java

@@ -1,5 +1,6 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
+import hirs.data.persist.enums.ComponentType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 
@@ -7,7 +8,7 @@ import javax.persistence.Entity;
  * Class to hold processor component information.
  */
 @Entity
-@DiscriminatorValue(value = ComponentInfo.ComponentTypeEnum.Values.PROCESSOR)
+@DiscriminatorValue(value = ComponentType.Values.PROCESSOR)
 public class ProcessorComponentInfo extends ComponentInfo {
     /**
      * Default constructor required by Hibernate.

HIRS_Utils/src/main/java/hirs/data/persist/info/RIMInfo.java

@@ -0,0 +1,138 @@
+package hirs.data.persist.info;
+
+import hirs.data.persist.DeviceInfoReport;
+import hirs.utils.StringValidator;
+import java.io.Serializable;
+import javax.persistence.Column;
+import javax.persistence.Embeddable;
+import javax.xml.bind.annotation.XmlElement;
+
+/**
+ *
+ */
+@Embeddable
+public class RIMInfo implements Serializable {
+
+    @XmlElement
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+    private final String rimManufacturer;
+
+    @XmlElement
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+    private final String model;
+
+    @XmlElement
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+    private final String fileHash;
+
+    @XmlElement
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = false)
+    private final String pcrHash;
+
+    /**
+     * Constructor for the initial values of the class.
+     * @param rimManufacturer string of the rimManufacturer
+     * @param model string of the model
+     * @param fileHash string of the file hash
+     * @param pcrHash string of the pcr hash
+     */
+    public RIMInfo(final String rimManufacturer, final String model,
+            final String fileHash, final String pcrHash) {
+        this.rimManufacturer = StringValidator.check(rimManufacturer, "rimManufacturer")
+                .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+        this.model = StringValidator.check(model, "model")
+                .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+        this.fileHash = StringValidator.check(fileHash, "fileHash")
+                .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+        this.pcrHash = StringValidator.check(pcrHash, "pcrHash")
+                .notBlank().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
+    }
+
+    /**
+     * Default no parameter constructor.
+     */
+    public RIMInfo() {
+        this(DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED,
+                DeviceInfoReport.NOT_SPECIFIED, DeviceInfoReport.NOT_SPECIFIED);
+    }
+
+    /**
+     * Getter for the rimManufacturer string.
+     * @return string of the rimManufacturer.
+     */
+    public final String getRimManufacturer() {
+        return this.rimManufacturer;
+    }
+
+    /**
+     * Getter for the model string.
+     * @return of the model string
+     */
+    public final String getModel() {
+        return this.model;
+    }
+
+    /**
+     * Getter for the file hash string.
+     * @return fileHash string
+     */
+    public String getFileHash() {
+        return fileHash;
+    }
+
+    /**
+     * Getter for the pcr hash.
+     * @return pcrhash string
+     */
+    public String getPcrHash() {
+        return pcrHash;
+    }
+
+    @Override
+    public String toString() {
+        return String.format("%s, %s, %s, %s", rimManufacturer, model,
+                fileHash, pcrHash);
+    }
+
+    @Override
+    public final boolean equals(final Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (!(obj instanceof RIMInfo)) {
+            return false;
+        }
+        RIMInfo other = (RIMInfo) obj;
+
+        if (rimManufacturer != null && !rimManufacturer.equals(other.rimManufacturer)) {
+            return false;
+        }
+        if (model != null && !model.equals(other.model)) {
+            return false;
+        }
+        if (fileHash != null && !fileHash.equals(other.fileHash)) {
+            return false;
+        }
+        if (pcrHash != null && !pcrHash.equals(other.pcrHash)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    @Override
+    public final int hashCode() {
+        final int prime = 31;
+        int result = 1;
+
+        result = prime * result + rimManufacturer.hashCode();
+        result = prime * result + model.hashCode();
+        result = prime * result + fileHash.hashCode();
+        result = prime * result + pcrHash.hashCode();
+
+        return result;
+    }
+}

HIRS_Utils/src/main/java/hirs/data/persist/info/TPMInfo.java

@@ -1,6 +1,8 @@
-package hirs.data.persist;
+package hirs.data.persist.info;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
+import hirs.data.persist.DeviceInfoReport;
+import hirs.data.persist.X509CertificateAdapter;
 
 import java.io.Serializable;
 import java.security.cert.X509Certificate;
@@ -22,10 +24,9 @@ import org.hibernate.annotations.Type;
 @Embeddable
 public class TPMInfo implements Serializable {
     private static final Logger LOGGER = LogManager.getLogger(TPMInfo.class);
-    private static final int STRING_LENGTH = 64;
 
     @XmlElement
-    @Column(length = STRING_LENGTH, nullable = true)
+    @Column(length = DeviceInfoReport.MED_STRING_LENGTH, nullable = true)
     private String tpmMake;
 
     @XmlElement
@@ -226,7 +227,7 @@ public class TPMInfo implements Serializable {
     private void setTPMMake(final String tpmMake) {
         LOGGER.debug("setting TPM make info: {}", tpmMake);
         this.tpmMake = StringValidator.check(tpmMake, "tpmMake")
-                .notNull().maxLength(STRING_LENGTH).get();
+                .notNull().maxLength(DeviceInfoReport.MED_STRING_LENGTH).get();
     }
 
     private void setTPMVersionMajor(final short tpmVersionMajor) {

HIRS_Utils/src/main/java/hirs/data/persist/info/package-info.java

@@ -0,0 +1,5 @@
+/**
+ * This package contains a set of classes for accessing info classes used by data persist.
+ */
+package hirs.data.persist.info;
+

HIRS_Utils/src/main/java/hirs/data/persist/tpm/PcrInfoShort.java

@@ -1,7 +1,7 @@
 package hirs.data.persist.tpm;
 
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
 import hirs.data.persist.TPMMeasurementRecord;
 
 import javax.persistence.AttributeOverride;

HIRS_Utils/src/main/java/hirs/ima/CSVGenerator.java

@@ -1,17 +1,17 @@
 package hirs.ima;
 
 import hirs.data.persist.Digest;
-import hirs.data.persist.FirmwareInfo;
+import hirs.data.persist.info.FirmwareInfo;
-import hirs.data.persist.HardwareInfo;
+import hirs.data.persist.info.HardwareInfo;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
-import hirs.data.persist.ImaAcceptableRecordBaseline;
+import hirs.data.persist.baseline.ImaAcceptableRecordBaseline;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.data.persist.ImaBlacklistRecord;
-import hirs.data.persist.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
 import hirs.data.persist.ImaIgnoreSetRecord;
-import hirs.data.persist.OSInfo;
+import hirs.data.persist.info.OSInfo;
-import hirs.data.persist.TPMBaseline;
+import hirs.data.persist.baseline.TPMBaseline;
-import hirs.data.persist.TPMInfo;
+import hirs.data.persist.info.TPMInfo;
 import hirs.data.persist.TPMMeasurementRecord;
 import hirs.tpm.TPMBaselineGenerator.TPMBaselineFields;
 import org.apache.commons.codec.binary.Hex;
@@ -131,28 +131,28 @@ public final class CSVGenerator {
         // Add device info records to the map
         HashMap<TPMBaselineFields, String> map = new HashMap<TPMBaselineFields, String>();
         final FirmwareInfo firmwareInfo = tpmBaseline.getFirmwareInfo();
-        map.put(TPMBaselineFields.biosvendor, firmwareInfo.getBiosVendor());
+        map.put(TPMBaselineFields.BIOS_VENDOR, firmwareInfo.getBiosVendor());
-        map.put(TPMBaselineFields.biosversion, firmwareInfo.getBiosVersion());
+        map.put(TPMBaselineFields.BIOS_VERSION, firmwareInfo.getBiosVersion());
-        map.put(TPMBaselineFields.biosreleasedate, firmwareInfo.getBiosReleaseDate());
+        map.put(TPMBaselineFields.BIOS_RELEASE_DATE, firmwareInfo.getBiosReleaseDate());
         final HardwareInfo hardwareInfo = tpmBaseline.getHardwareInfo();
-        map.put(TPMBaselineFields.manufacturer, hardwareInfo.getManufacturer());
+        map.put(TPMBaselineFields.MANUFACTURER, hardwareInfo.getManufacturer());
-        map.put(TPMBaselineFields.productname, hardwareInfo.getProductName());
+        map.put(TPMBaselineFields.PRODUCT_NAME, hardwareInfo.getProductName());
-        map.put(TPMBaselineFields.version, hardwareInfo.getVersion());
+        map.put(TPMBaselineFields.VERSION, hardwareInfo.getVersion());
-        map.put(TPMBaselineFields.systemserialnumber, hardwareInfo.getSystemSerialNumber());
+        map.put(TPMBaselineFields.SYSTEM_SERIAL_NUMBER, hardwareInfo.getSystemSerialNumber());
-        map.put(TPMBaselineFields.chassisserialnumber, hardwareInfo.getChassisSerialNumber());
+        map.put(TPMBaselineFields.CHASSIS_SERIAL_NUMBER, hardwareInfo.getChassisSerialNumber());
-        map.put(TPMBaselineFields.baseboardserialnumber, hardwareInfo.getBaseboardSerialNumber());
+        map.put(TPMBaselineFields.BASEBOARD_SERIAL_NUMBER, hardwareInfo.getBaseboardSerialNumber());
         final OSInfo osInfo = tpmBaseline.getOSInfo();
-        map.put(TPMBaselineFields.osname, osInfo.getOSName());
+        map.put(TPMBaselineFields.OS_NAME, osInfo.getOSName());
-        map.put(TPMBaselineFields.osversion, osInfo.getOSVersion());
+        map.put(TPMBaselineFields.OS_VERSION, osInfo.getOSVersion());
-        map.put(TPMBaselineFields.osarch, osInfo.getOSArch());
+        map.put(TPMBaselineFields.OS_ARCH, osInfo.getOSArch());
-        map.put(TPMBaselineFields.distribution, osInfo.getDistribution());
+        map.put(TPMBaselineFields.DISTRIBUTION, osInfo.getDistribution());
-        map.put(TPMBaselineFields.distributionrelease, osInfo.getDistributionRelease());
+        map.put(TPMBaselineFields.DISTRIBUTION_RELEASE, osInfo.getDistributionRelease());
         final TPMInfo tpmInfo = tpmBaseline.getTPMInfo();
-        map.put(TPMBaselineFields.tpmmake, tpmInfo.getTPMMake());
+        map.put(TPMBaselineFields.TPM_MAKE, tpmInfo.getTPMMake());
-        map.put(TPMBaselineFields.tpmversionmajor, "" + tpmInfo.getTPMVersionMajor());
+        map.put(TPMBaselineFields.TPM_VERSION_MAJOR, "" + tpmInfo.getTPMVersionMajor());
-        map.put(TPMBaselineFields.tpmversionminor, "" + tpmInfo.getTPMVersionMinor());
+        map.put(TPMBaselineFields.TPM_VERSION_MINOR, "" + tpmInfo.getTPMVersionMinor());
-        map.put(TPMBaselineFields.tpmversionrevmajor, "" + tpmInfo.getTPMVersionRevMajor());
+        map.put(TPMBaselineFields.TPM_VERSION_REV_MAJOR, "" + tpmInfo.getTPMVersionRevMajor());
-        map.put(TPMBaselineFields.tpmversionrevminor, "" + tpmInfo.getTPMVersionRevMinor());
+        map.put(TPMBaselineFields.TPM_VERSION_REV_MINOR, "" + tpmInfo.getTPMVersionRevMinor());
         // Add device info records to the CSV file
         sb.append(TPMBaselineFields.toCSV(map));
 

HIRS_Utils/src/main/java/hirs/ima/ImaBlacklistBaselineGenerator.java

@@ -3,7 +3,7 @@ package hirs.ima;
 import com.google.common.base.Charsets;
 import com.google.common.base.Preconditions;
 import hirs.data.persist.Digest;
-import hirs.data.persist.ImaBlacklistBaseline;
+import hirs.data.persist.baseline.ImaBlacklistBaseline;
 import hirs.data.persist.ImaBlacklistRecord;
 import org.apache.commons.csv.CSVFormat;
 import org.apache.commons.csv.CSVParser;

HIRS_Utils/src/main/java/hirs/ima/ImaIgnoreSetBaselineGenerator.java

@@ -1,6 +1,6 @@
 package hirs.ima;
 
-import hirs.data.persist.ImaIgnoreSetBaseline;
+import hirs.data.persist.baseline.ImaIgnoreSetBaseline;
 import hirs.data.persist.ImaIgnoreSetRecord;
 
 import java.io.BufferedReader;

HIRS_Utils/src/main/java/hirs/ima/SimpleImaBaselineGenerator.java

@@ -1,11 +1,11 @@
 package hirs.ima;
 
 import hirs.data.persist.IMAReport;
-import hirs.data.persist.SimpleImaBaseline;
+import hirs.data.persist.baseline.SimpleImaBaseline;
 import hirs.data.persist.Digest;
-import hirs.data.persist.DigestAlgorithm;
+import hirs.data.persist.enums.DigestAlgorithm;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IntegrityReport;
 

HIRS_Utils/src/main/java/hirs/ima/matching/BatchImaMatchStatus.java

@@ -2,8 +2,8 @@ package hirs.ima.matching;
 
 import com.google.common.base.Preconditions;
 import hirs.data.persist.IMAMeasurementRecord;
-import hirs.data.persist.AbstractImaBaselineRecord;
+import hirs.data.persist.baseline.AbstractImaBaselineRecord;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.ReportMatchStatus;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -17,7 +17,7 @@ import java.util.Set;
 
 /**
  * This class holds the results of the appraisal of a batch of {@link IMAMeasurementRecord}s against
- * one or many {@link hirs.data.persist.ImaBaseline}s.
+ * one or many {@link hirs.data.persist.baseline.ImaBaseline}s.
  *
  * @param <T> the type of IMA baseline record that an instance of this class matches against
  */

HIRS_Utils/src/main/java/hirs/ima/matching/IMAMatchStatus.java

@@ -1,10 +1,10 @@
 package hirs.ima.matching;
 
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.IMAMeasurementRecord;
-import hirs.data.persist.AbstractImaBaselineRecord;
+import hirs.data.persist.baseline.AbstractImaBaselineRecord;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.ReportMatchStatus;
 
 import java.util.Collections;
 import java.util.HashSet;

HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptableHashRecordMatcher.java

@@ -1,11 +1,11 @@
 package hirs.ima.matching;
 
 import com.google.common.base.Preconditions;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.ReportMatchStatus;
 
 import java.util.Collection;
 import java.util.Set;

HIRS_Utils/src/main/java/hirs/ima/matching/ImaAcceptablePathAndHashRecordMatcher.java

@@ -1,12 +1,12 @@
 package hirs.ima.matching;
 
 import com.google.common.base.Preconditions;
-import hirs.data.persist.DigestComparisonResultType;
+import hirs.data.persist.enums.DigestComparisonResultType;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.ReportMatchStatus;
 import org.apache.logging.log4j.Logger;
 
 import java.util.Collection;

HIRS_Utils/src/main/java/hirs/ima/matching/ImaBlacklistRecordMatcher.java

@@ -1,11 +1,11 @@
 package hirs.ima.matching;
 
-import hirs.data.persist.Alert;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
 import hirs.data.persist.ImaBlacklistRecord;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.AlertType;
+import hirs.data.persist.enums.ReportMatchStatus;
 
 import java.util.Collection;
 import java.util.HashSet;
@@ -81,16 +81,16 @@ public class ImaBlacklistRecordMatcher extends ImaRecordMatcher<ImaBlacklistReco
      * @param blacklistMatches the list of matches
      * @return the relevant alert type
      */
-    public static Alert.AlertType getBlacklistAlertType(
+    public static AlertType getBlacklistAlertType(
             final Set<IMAMatchStatus<ImaBlacklistRecord>> blacklistMatches) {
-        Alert.AlertType type = null;
+        AlertType type = null;
         for (IMAMatchStatus<ImaBlacklistRecord> match : blacklistMatches) {
             for (ImaBlacklistRecord blacklistRecord : match.getBaselineRecords()) {
                 if (type == null) {
                     type = blacklistRecord.getAlertMatchType();
                 } else {
                     if (type != blacklistRecord.getAlertMatchType()) {
-                        return Alert.AlertType.IMA_BLACKLIST_MIXED_MATCH;
+                        return AlertType.IMA_BLACKLIST_MIXED_MATCH;
                     }
                 }
             }

HIRS_Utils/src/main/java/hirs/ima/matching/ImaIgnoreSetRecordMatcher.java

@@ -2,9 +2,9 @@ package hirs.ima.matching;
 
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
 import hirs.data.persist.ImaIgnoreSetRecord;
-import hirs.data.persist.ReportMatchStatus;
+import hirs.data.persist.enums.ReportMatchStatus;
 import hirs.utils.RegexFilePathMatcher;
 
 import java.util.Collection;

HIRS_Utils/src/main/java/hirs/ima/matching/ImaRecordMatcher.java

@@ -3,11 +3,11 @@ package hirs.ima.matching;
 import com.google.common.collect.ImmutableListMultimap;
 import com.google.common.collect.Multimap;
 import hirs.data.persist.Digest;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.IMAMeasurementRecord;
 import hirs.data.persist.IMAPolicy;
-import hirs.data.persist.AbstractImaBaselineRecord;
+import hirs.data.persist.baseline.AbstractImaBaselineRecord;
-import hirs.data.persist.ImaBaseline;
+import hirs.data.persist.baseline.ImaBaseline;
 
 import java.util.ArrayList;
 import java.util.Collection;

HIRS_Utils/src/main/java/hirs/persist/AlertManager.java

@@ -2,11 +2,12 @@ package hirs.persist;
 
 import hirs.FilteredRecordsList;
 import hirs.data.persist.Alert;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Policy;
 import hirs.data.persist.Report;
+import hirs.data.persist.enums.AlertSource;
 import org.hibernate.criterion.Criterion;
 
 import java.util.Date;
@@ -217,7 +218,7 @@ public interface AlertManager {
      * @param source counted alerts must originate from
      * @return count of unresolved alerts
      */
-    int countUnresolvedAlerts(Device device, Alert.Source source);
+    int countUnresolvedAlerts(Device device, AlertSource source);
 
     /**
      * Count the total number of devices with at least one unresolved alert within the given group.

HIRS_Utils/src/main/java/hirs/persist/BaselineManager.java

@@ -2,8 +2,8 @@ package hirs.persist;
 
 import hirs.FilteredRecordsList;
 import hirs.data.bean.SimpleBaselineBean;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
-import hirs.data.persist.IMABaselineRecord;
+import hirs.data.persist.baseline.IMABaselineRecord;
 import hirs.data.persist.ImaBlacklistRecord;
 import hirs.repository.RepoPackage;
 

HIRS_Utils/src/main/java/hirs/persist/DBAlertManager.java

@@ -4,7 +4,7 @@ import hirs.FilteredRecordsList;
 import static org.apache.logging.log4j.LogManager.getLogger;
 
 import hirs.data.persist.Alert;
-import hirs.data.persist.Baseline;
+import hirs.data.persist.baseline.Baseline;
 import hirs.data.persist.Device;
 import hirs.data.persist.DeviceGroup;
 import hirs.data.persist.Policy;
@@ -17,6 +17,7 @@ import java.util.Map;
 import java.util.UUID;
 
 import hirs.data.persist.Report;
+import hirs.data.persist.enums.AlertSource;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.Logger;
 import org.hibernate.Criteria;
@@ -613,7 +614,7 @@ public class DBAlertManager extends DBManager<Alert> implements AlertManager {
      * @param source counted alerts must originate from
      * @return count of unresolved alerts
      */
-    public final int countUnresolvedAlerts(final Device device, final Alert.Source source) {
+    public final int countUnresolvedAlerts(final Device device, final AlertSource source) {
         if (device == null) {
             String msg = "invalid argument - null value for device";
             LOGGER.error(msg);