diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
index 01eef415..85e44478 100644
--- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
+++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/ComponentResult.java
@@ -121,23 +121,46 @@ public class ComponentResult extends ArchivableEntity { element.getAddressValue().toString())); } componentAddress = sb.toString(); + } - // V2 fields - if (componentIdentifier.isVersion2() - && componentIdentifier instanceof ComponentIdentifierV2 ciV2) { - // this is a downside of findbugs, the code is set up to indicate if a CI is V2 or not - // but find bugs is throwing a flag because instanceof isn't being used. - this.componentClassValue = ciV2.getComponentClass().getComponentIdentifier(); - this.componentClassStr = ciV2.getComponentClass().toString(); - this.componentClassType = ciV2.getComponentClass().getRegistryType(); - this.attributeStatus = ciV2.getAttributeStatus(); - this.version2 = true; - if (ciV2.getCertificateIdentifier() != null) { - this.issuerDN = ciV2.getCertificateIdentifier().getIssuerDN().toString(); - if (ciV2.getComponentPlatformUri() != null) { - this.uniformResourceIdentifier = ciV2.getComponentPlatformUri() - .getUniformResourceIdentifier().toString(); - } + /** + * @param boardSerialNumber + * @param certificateSerialNumber + * @param certificateType + * @param componentIdentifierV2 + */ + public ComponentResult(final String boardSerialNumber, final String certificateSerialNumber, + final String certificateType, + final ComponentIdentifierV2 componentIdentifierV2) { + + this.boardSerialNumber = boardSerialNumber; + this.certificateSerialNumber = certificateSerialNumber; + this.certificateType = certificateType; + this.manufacturer = componentIdentifierV2.getComponentManufacturer().toString(); + this.model = componentIdentifierV2.getComponentModel().toString(); + this.serialNumber = componentIdentifierV2.getComponentSerial().toString(); + this.revisionNumber = componentIdentifierV2.getComponentRevision().toString(); + if (componentIdentifierV2.getFieldReplaceable() != null) { + this.fieldReplaceable = componentIdentifierV2.getFieldReplaceable().isTrue(); + } + + StringBuilder sb = new StringBuilder(); + for 
(ComponentAddress element : componentIdentifierV2.getComponentAddress()) { + sb.append(String.format("%s:%s;", element.getAddressTypeValue(), + element.getAddressValue().toString())); + } + componentAddress = sb.toString(); + + this.componentClassValue = componentIdentifierV2.getComponentClass().getComponentIdentifier(); + this.componentClassStr = componentIdentifierV2.getComponentClass().toString(); + this.componentClassType = componentIdentifierV2.getComponentClass().getRegistryType(); + this.attributeStatus = componentIdentifierV2.getAttributeStatus(); + this.version2 = true; + if (componentIdentifierV2.getCertificateIdentifier() != null) { + this.issuerDN = componentIdentifierV2.getCertificateIdentifier().getIssuerDN().toString(); + if (componentIdentifierV2.getComponentPlatformUri() != null) { + this.uniformResourceIdentifier = componentIdentifierV2.getComponentPlatformUri() + .getUniformResourceIdentifier().toString(); } } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java index d8ce5315..201f45e2 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredential.java @@ -355,6 +355,9 @@ public class PlatformCredential extends DeviceAssociatedCertificate { return verifier.verify(attCert.getSignatureValue().getOctets()); } + /** + * @throws IOException + */ private void parseFields() throws IOException { AttributeCertificateInfo certificate = getAttributeCertificate().getAcinfo(); Map policyQualifier = getPolicyQualifier(certificate); 
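Review bot: The new `ComponentIdentifierV2` constructor appears to repeat the field copying of the existing `ComponentIdentifier` constructor (manufacturer, model, serial, revision, field-replaceable flag, address string), so the two copies can drift apart; only the tail of the older constructor is visible in this hunk. Because `ComponentIdentifierV2` extends `ComponentIdentifier`, the copy can be replaced by delegating as the first statement, `this(boardSerialNumber, certificateSerialNumber, certificateType, (ComponentIdentifier) componentIdentifierV2);`, followed only by the V2-specific assignments. Overload selection uses the static type, and the `instanceof ComponentIdentifierV2` branch was removed from the older constructor, so a caller that still passes a V2 object through a `ComponentIdentifier` reference now gets `version2 == false` and no component class; callers outside this diff should be checked. The `getComponentPlatformUri()` check is also still nested inside the `getCertificateIdentifier() != null` block, which looks unintended because a platform URI is then dropped whenever the certificate identifier is absent.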
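Review bot: The Javadoc added above `parseFields` has no summary sentence and an `@throws IOException` tag with no description, so it documents nothing and is likely to be flagged by doclint-style checks. Something like `Parses the fields of the attribute certificate into this credential.` with `@throws IOException if the certificate fields cannot be read` would do; the wording should be confirmed against the method body, which continues outside the hunk. The same empty-tag pattern is added on the new `ComponentResult` constructor and on `bulkDownload` in `CertificatePageController`, which also has a bare `@return`.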
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java index e7b4aa5b..633f40c8 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/ComponentIdentifierV2.java @@ -239,7 +239,7 @@ public class ComponentIdentifierV2 extends ComponentIdentifier { sb.append(getFieldReplaceable()); } sb.append(", componentAddress="); - if (getComponentAddress().size() > 0) { + if (!getComponentAddress().isEmpty()) { sb.append(getComponentAddress() .stream() .map(Object::toString) diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java index 8e2a4c17..71f6026d 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/V2/PlatformConfigurationV2.java @@ -38,7 +38,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration { */ public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgumentException { //Default values - setComponentIdentifier(new ArrayList<>()); + setComponentIdentifierV2(new ArrayList<>()); setComponentIdentifierUri(null); setPlatformProperties(new ArrayList<>()); setPlatformPropertiesUri(null); 
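Review bot: After this change the `PlatformConfigurationV2` constructor no longer gives the V1 component list a default, only `setComponentIdentifierV2(new ArrayList<>())`. If the parent `PlatformConfiguration` does not initialise that field itself (not visible here), `getComponentIdentifier()` on a V2 configuration can return null, and code that still iterates the V1 list for a 2.0 credential would throw instead of seeing an empty list. Either keep `setComponentIdentifier(new ArrayList<>());` alongside the new call or confirm the field has an initialiser in the parent class. The constructor body continues outside the hunk.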
diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java index 64e567b5..9b56ba37 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/AbstractProcessor.java @@ -193,6 +193,7 @@ public class AbstractProcessor { final EndorsementCredential endorsementCredential, final CertificateRepository certificateRepository) { List platformCredentials = new LinkedList<>(); + if (identityClaim.getPlatformCredentialCount() > 0) { for (ByteString platformCredential : identityClaim.getPlatformCredentialList()) { if (!platformCredential.isEmpty()) { @@ -208,6 +209,7 @@ public class AbstractProcessor { } else { log.warn("No platform credential received in identity claim."); } + return platformCredentials; } @@ -221,7 +223,7 @@ public class AbstractProcessor { private EndorsementCredential getEndorsementCredential( final PublicKey ekPublicKey, final CertificateRepository certificateRepository) { - log.debug("Searching for endorsement credential based on public key: " + ekPublicKey); + log.debug("Searching for endorsement credential based on public key: {}", ekPublicKey); if (ekPublicKey == null) { throw new IllegalArgumentException("Cannot look up an EC given a null public key"); @@ -258,8 +260,6 @@ public class AbstractProcessor { * @param device the device to which the attestation certificate is tied * @param ldevID whether the certificate is a ldevid * @return whether the certificate was saved successfully - * @throws {@link CertificateProcessingException} if error occurs in persisting the Attestation - * Certificate */ public boolean saveAttestationCertificate(final CertificateRepository certificateRepository, final byte[] derEncodedAttestationCertificate, 
@@ -288,7 +288,7 @@ public class AbstractProcessor { generateCertificate = ldevID ? policySettings.isIssueDevIdCertificate() : policySettings.isIssueAttestationCertificate(); - if (issuedAc != null && issuedAc.size() > 0 + if (issuedAc != null && !issuedAc.isEmpty() && (ldevID ? policySettings.isDevIdExpirationFlag() : policySettings.isGenerateOnExpiration())) { if (issuedAc.get(0).getEndValidity().after(currentDate)) { @@ -324,13 +324,13 @@ public class AbstractProcessor { if (ec == null) { log.warn("Cannot look for platform credential(s). Endorsement credential was null."); } else { - log.debug("Searching for platform credential(s) based on holder serial number: " - + ec.getSerialNumber()); + log.debug("Searching for platform credential(s) based on holder serial number: {}", + ec.getSerialNumber()); credentials = certificateRepository.getByHolderSerialNumber(ec.getSerialNumber()); if (credentials == null || credentials.isEmpty()) { log.warn("No platform credential(s) found"); } else { - log.debug("Platform Credential(s) found: " + credentials.size()); + log.debug("Platform Credential(s) found: {}", credentials.size()); } } diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java index c63b4e36..065a6e30 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/provision/IdentityClaimProcessor.java 
@@ -20,6 +20,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2; import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo; import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo; import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo; @@ -156,6 +157,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { } ByteString blobStr = ByteString.copyFrom(new byte[] {}); + if (validationResult == AppraisalStatus.Status.PASS) { RSAPublicKey akPub = ProvisionUtils.parsePublicKey(claim.getAkPublicArea().toByteArray()); byte[] nonce = ProvisionUtils.generateRandomBytes(NONCE_LENGTH); @@ -173,12 +175,14 @@ public class IdentityClaimProcessor extends AbstractProcessor { if (policySettings != null && policySettings.isIgnoreImaEnabled()) { pcrQuoteMask = PCR_QUOTE_MASK.replace("10,", ""); } + // Package response ProvisionerTpm2.IdentityClaimResponse response = ProvisionerTpm2.IdentityClaimResponse.newBuilder() .setCredentialBlob(blobStr).setPcrMask(pcrQuoteMask) .setStatus(ProvisionerTpm2.ResponseStatus.PASS) .build(); + return response.toByteArray(); } else { log.error("Supply chain validation did not succeed. Result is: {}", validationResult); @@ -201,6 +205,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { */ private AppraisalStatus.Status doSupplyChainValidation( final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) { + // attempt to find an endorsement credential to validate EndorsementCredential endorsementCredential = parseEcFromIdentityClaim(claim, ekPub, certificateRepository); 
@@ -238,6 +243,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { .findByCertificateSerialNumberAndBoardSerialNumber( platformCredential.getSerialNumber().toString(), platformCredential.getPlatformSerial()); + if (componentResults.isEmpty()) { savePlatformComponents(platformCredential); } else { @@ -254,6 +260,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { endorsementCredential, platformCredentials, device, componentInfoRepository.findByDeviceName(device.getName())); device.setSummaryId(summary.getId().toString()); + // update the validation result in the device AppraisalStatus.Status validationResult = summary.getOverallValidationResult(); device.setSupplyChainValidationStatus(validationResult); @@ -284,13 +291,16 @@ public class IdentityClaimProcessor extends AbstractProcessor { } log.info("Processing Device Info Report"); + // store device and device info report. Device device = null; + if (deviceInfoReport.getNetworkInfo() != null && deviceInfoReport.getNetworkInfo().getHostname() != null && !deviceInfoReport.getNetworkInfo().getHostname().isEmpty()) { device = this.deviceRepository.findByName(deviceInfoReport.getNetworkInfo().getHostname()); } + if (device == null) { device = new Device(deviceInfoReport); } @@ -329,6 +339,7 @@ public class IdentityClaimProcessor extends AbstractProcessor { macAddressBytes[i] = hex.byteValue(); } } + NetworkInfo nw = new NetworkInfo(nwProto.getHostname(), ip, macAddressBytes); // Get firmware info 
@@ -343,16 +354,19 @@ public class IdentityClaimProcessor extends AbstractProcessor { // Get hardware info ProvisionerTpm2.HardwareInfo hwProto = dv.getHw(); + // Make sure chassis info has at least one chassis String firstChassisSerialNumber = DeviceInfoEnums.NOT_SPECIFIED; if (hwProto.getChassisInfoCount() > 0) { firstChassisSerialNumber = hwProto.getChassisInfo(0).getSerialNumber(); } + // Make sure baseboard info has at least one baseboard String firstBaseboardSerialNumber = DeviceInfoEnums.NOT_SPECIFIED; if (hwProto.getBaseboardInfoCount() > 0) { firstBaseboardSerialNumber = hwProto.getBaseboardInfo(0).getSerialNumber(); } + HardwareInfo hw = new HardwareInfo(hwProto.getManufacturer(), hwProto.getProductName(), hwProto.getProductVersion(), hwProto.getSystemSerialNumber(), firstChassisSerialNumber, firstBaseboardSerialNumber); @@ -618,6 +632,14 @@ public class IdentityClaimProcessor extends AbstractProcessor { return dvReport; } + /** + * Helper method that generates digest records using the provided device's manufacturer and model + * information. + * + * @param manufacturer device manufacturer + * @param model device model + * @return boolean that represents that status of the digest records generation + */ private boolean generateDigestRecords(final String manufacturer, final String model) { List rdValues = new LinkedList<>(); SupportReferenceManifest baseSupportRim = null; 
@@ -718,21 +740,46 @@ public class IdentityClaimProcessor extends AbstractProcessor { return true; } + /** + * Helper method that saves the provided platform certificate's components in the database. + * + * @param certificate certificate + */ private void savePlatformComponents(final Certificate certificate) { PlatformCredential platformCredential; + if (certificate instanceof PlatformCredential) { platformCredential = (PlatformCredential) certificate; ComponentResult componentResult; - for (ComponentIdentifier componentIdentifier : platformCredential - .getComponentIdentifiers()) { - componentResult = new ComponentResult(platformCredential.getPlatformSerial(), - platformCredential.getSerialNumber().toString(), - platformCredential.getPlatformChainType(), - componentIdentifier); - componentResult.setFailedValidation(false); - componentResult.setDelta(!platformCredential.isPlatformBase()); - componentResultRepository.save(componentResult); + // if the provided platform certificate is version 1.2 + if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) { + + for (ComponentIdentifier componentIdentifier : platformCredential + .getComponentIdentifiers()) { + componentResult = new ComponentResult(platformCredential.getPlatformSerial(), + platformCredential.getSerialNumber().toString(), + platformCredential.getPlatformChainType(), + componentIdentifier); + componentResult.setFailedValidation(false); + componentResult.setDelta(!platformCredential.isPlatformBase()); + componentResultRepository.save(componentResult); + } + + } + // if the provided platform certificate is version 2.0 + else if (platformCredential.getCredentialType() + .equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) { + for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential + .getComponentIdentifiersV2()) { + componentResult = new ComponentResult(platformCredential.getPlatformSerial(), + platformCredential.getSerialNumber().toString(), + 
platformCredential.getPlatformChainType(), + componentIdentifierV2); + componentResult.setFailedValidation(false); + componentResult.setDelta(!platformCredential.isPlatformBase()); + componentResultRepository.save(componentResult); + } } } } @@ -741,18 +788,15 @@ public class IdentityClaimProcessor extends AbstractProcessor { * Helper method that attempts to find all the provided device's components. * * @param hostName device's host name - * @param paccorString - * @return number of components + * @param paccorString string representation of the paccor tool output */ - private int handleDeviceComponents(final String hostName, final String paccorString) { - int deviceComponents = 0; + private void handleDeviceComponents(final String hostName, final String paccorString) { Map componentInfoMap = new HashMap<>(); + try { List componentInfos = SupplyChainCredentialValidator .getComponentInfoFromPaccorOutput(hostName, paccorString); - deviceComponents = componentInfos.size(); - // check the DB for like component infos List dbComponentInfos = this.componentInfoRepository.findByDeviceName(hostName); dbComponentInfos.forEach((infos) -> { @@ -771,7 +815,5 @@ public class IdentityClaimProcessor extends AbstractProcessor { } catch (IOException ioEx) { log.warn("Error parsing paccor string"); } - - return deviceComponents; } } diff --git a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java index 9db75259..a2c37fd1 100644 --- a/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java +++ b/HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/page/controllers/CertificatePageController.java 
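Review bot: A platform credential whose `getCredentialType()` is neither `CERTIFICATE_TYPE_1_2` nor `CERTIFICATE_TYPE_2_0` falls through both branches of `savePlatformComponents` and stores no `ComponentResult` rows without any log entry, and a null credential type throws at `.equals(...)`. For a credential taken from a device's identity claim, a silent skip presumably leaves later component validation with nothing to compare, so the gap should at least be recorded: add `else { log.warn("Unsupported platform credential type {}; no components saved", platformCredential.getCredentialType()); }` and compare constant-first, `PlatformCredential.CERTIFICATE_TYPE_1_2.equals(platformCredential.getCredentialType())`. The two loops differ only in the element type, and the same block is repeated in `handlePlatformComponents` in `CertificatePageController` with the same two gaps; a shared helper would keep them in step.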
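Review bot: The `catch (IOException ioEx)` at the end of `handleDeviceComponents` logs only a fixed string and drops the exception, and with the `int` return removed in this commit the caller no longer receives even a component count to tell that the paccor output failed to parse. Since `paccorString` appears to come from the device being provisioned, a malformed value should be traceable in the log: `log.warn("Error parsing paccor string", ioEx);`. If the caller needs to react to a parse failure, a boolean return or a rethrow would be clearer than `void`. The middle of the method is outside the hunk.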
@@ -19,6 +19,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.IDevIDCertifica import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate; import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential; import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier; +import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2; import hirs.attestationca.persist.util.CredentialHelper; import hirs.attestationca.portal.datatables.DataTableInput; import hirs.attestationca.portal.datatables.DataTableResponse; @@ -165,21 +166,15 @@ public class CertificatePageController extends PageController { * @return the certificate class type */ private static Class getCertificateClass(final String certificateType) { - switch (certificateType) { - case PLATFORMCREDENTIAL: - return PlatformCredential.class; - case ENDORSEMENTCREDENTIAL: - return EndorsementCredential.class; - case ISSUEDCERTIFICATES: - return IssuedAttestationCertificate.class; - case IDEVIDCERTIFICATE: - return IDevIDCertificate.class; - case TRUSTCHAIN: - return CertificateAuthorityCredential.class; - default: - throw new IllegalArgumentException( - String.format("Unknown certificate type: %s", certificateType)); - } + return switch (certificateType) { + case PLATFORMCREDENTIAL -> PlatformCredential.class; + case ENDORSEMENTCREDENTIAL -> EndorsementCredential.class; + case ISSUEDCERTIFICATES -> IssuedAttestationCertificate.class; + case IDEVIDCERTIFICATE -> IDevIDCertificate.class; + case TRUSTCHAIN -> CertificateAuthorityCredential.class; + default -> throw new IllegalArgumentException( + String.format("Unknown certificate type: %s", certificateType)); + }; } /** 
@@ -312,15 +307,15 @@ public class CertificatePageController extends PageController { .findBySerialNumber(pc.getHolderSerialNumber()); if (associatedEC != null) { - log.debug("EC ID for holder s/n " + pc - .getHolderSerialNumber() + " = " + associatedEC.getId()); + log.debug("EC ID for holder s/n {} = {}", pc + .getHolderSerialNumber(), associatedEC.getId()); } pc.setEndorsementCredential(associatedEC); } } - log.debug("Returning list of size: " + records.size()); + log.debug("Returning list of size: {}", records.size()); return new DataTableResponse<>(records, input); } else if (certificateType.equals(ENDORSEMENTCREDENTIAL)) { FilteredRecordsList records = new FilteredRecordsList<>(); @@ -336,7 +331,7 @@ public class CertificatePageController extends PageController { records.setRecordsFiltered(endorsementCredentialRepository.findByArchiveFlag(false).size()); - log.debug("Returning list of size: " + records.size()); + log.debug("Returning list of size: {}", records.size()); return new DataTableResponse<>(records, input); } else if (certificateType.equals(TRUSTCHAIN)) { FilteredRecordsList records = new FilteredRecordsList<>(); @@ -352,7 +347,7 @@ public class CertificatePageController extends PageController { records.setRecordsFiltered(caCredentialRepository.findByArchiveFlag(false).size()); - log.debug("Returning list of size: " + records.size()); + log.debug("Returning list of size: {}", records.size()); return new DataTableResponse<>(records, input); } else if (certificateType.equals(ISSUEDCERTIFICATES)) { FilteredRecordsList records = new FilteredRecordsList<>(); @@ -384,7 +379,7 @@ public class CertificatePageController extends PageController { records.setRecordsFiltered(iDevIDCertificateRepository.findByArchiveFlag(false).size()); - log.debug("Returning list of size: " + records.size()); + log.debug("Returning list of size: {}", records.size()); return new DataTableResponse<>(records, input); } 
@@ -443,7 +438,7 @@ public class CertificatePageController extends PageController { @PathVariable("certificateType") final String certificateType, @RequestParam final String id, final RedirectAttributes attr) throws URISyntaxException { - log.info("Handling request to delete " + id); + log.info("Handling request to delete {}", id); Map model = new HashMap<>(); PageMessages messages = new PageMessages(); @@ -506,7 +501,7 @@ public class CertificatePageController extends PageController { * @param id the UUID of the cert to download * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @RequestMapping(value = "/{certificateType}/download", method = RequestMethod.GET) public void download( @@ -552,7 +547,7 @@ public class CertificatePageController extends PageController { * * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @ResponseBody @RequestMapping(value = "/trust-chain/download-aca-cert", method = RequestMethod.GET) @@ -573,7 +568,7 @@ public class CertificatePageController extends PageController { * * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @RequestMapping(value = "/trust-chain/bulk", method = RequestMethod.GET) public void caBulkDownload(final HttpServletResponse response) 
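Review bot: `id` is a raw `@RequestParam` string, and the `{}` placeholder in `log.info("Handling request to delete {}", id)` only defers formatting; it does not neutralise CR/LF, so a crafted value can still break the log into misleading extra lines. The download handler's Javadoc in this file describes the parameter as a UUID, so parsing it first and logging the parsed value, `log.info("Handling request to delete {}", UUID.fromString(id));`, removes the problem and rejects malformed ids early; otherwise strip line breaks before logging. Whether the logging layout already encodes newlines is not visible in this diff, and the method body continues outside the hunk.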
@@ -605,7 +600,7 @@ public class CertificatePageController extends PageController { * * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @RequestMapping(value = "/platform-credentials/bulk", method = RequestMethod.GET) public void pcBulkDownload(final HttpServletResponse response) @@ -637,7 +632,7 @@ public class CertificatePageController extends PageController { * * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @RequestMapping(value = "/issued-certificates/bulk", method = RequestMethod.GET) public void icBulkDownload(final HttpServletResponse response) @@ -670,7 +665,7 @@ public class CertificatePageController extends PageController { * * @param response the response object (needed to update the header with the * file name) - * @throws java.io.IOException when writing to response output stream + * @throws IOException when writing to response output stream */ @RequestMapping(value = "/endorsement-key-credentials/bulk", method = RequestMethod.GET) public void ekBulkDownload(final HttpServletResponse response) @@ -696,6 +691,13 @@ public class CertificatePageController extends PageController { } } + /** + * @param zipOut + * @param certificates + * @param singleFileName + * @return + * @throws IOException + */ private ZipOutputStream bulkDownload(final ZipOutputStream zipOut, final List certificates, final String singleFileName) throws IOException { 
@@ -744,26 +746,21 @@ public class CertificatePageController extends PageController { final String certificateType, final int certificateHash) { - switch (certificateType) { - case PLATFORMCREDENTIAL: - return this.certificateRepository - .findByCertificateHash(certificateHash, - "PlatformCredential"); - case ENDORSEMENTCREDENTIAL: - return this.certificateRepository - .findByCertificateHash(certificateHash, - "EndorsementCredential"); - case TRUSTCHAIN: - return this.certificateRepository - .findByCertificateHash(certificateHash, - "CertificateAuthorityCredential"); - case IDEVIDCERTIFICATE: - return this.certificateRepository - .findByCertificateHash(certificateHash, - "IDevIDCertificate"); - default: - return null; - } + return switch (certificateType) { + case PLATFORMCREDENTIAL -> this.certificateRepository + .findByCertificateHash(certificateHash, + "PlatformCredential"); + case ENDORSEMENTCREDENTIAL -> this.certificateRepository + .findByCertificateHash(certificateHash, + "EndorsementCredential"); + case TRUSTCHAIN -> this.certificateRepository + .findByCertificateHash(certificateHash, + "CertificateAuthorityCredential"); + case IDEVIDCERTIFICATE -> this.certificateRepository + .findByCertificateHash(certificateHash, + "IDevIDCertificate"); + default -> null; + }; } /** @@ -779,11 +776,9 @@ public class CertificatePageController extends PageController { List associatedCertificates = new LinkedList<>(); if (serialNumber != null) { - switch (certificateType) { - case PLATFORMCREDENTIAL: - associatedCertificates.addAll(this.certificateRepository - .byBoardSerialNumber(serialNumber)); - default: + if (certificateType.equals(PLATFORMCREDENTIAL)) { + associatedCertificates.addAll(this.certificateRepository + .byBoardSerialNumber(serialNumber)); } } 
@@ -1010,6 +1005,11 @@ public class CertificatePageController extends PageController { log.error(failMessage); } + /** + * Helper method that attempts to manage the provided platform certificate's components. + * + * @param certificate certificate + */ private void handlePlatformComponents(final Certificate certificate) { PlatformCredential platformCredential; 
@@ -1019,17 +1019,38 @@ public class CertificatePageController extends PageController { .findByCertificateSerialNumberAndBoardSerialNumber( platformCredential.getSerialNumber().toString(), platformCredential.getPlatformSerial()); + if (componentResults.isEmpty()) { ComponentResult componentResult; - for (ComponentIdentifier componentIdentifier : platformCredential - .getComponentIdentifiers()) { - componentResult = new ComponentResult(platformCredential.getPlatformSerial(), - platformCredential.getSerialNumber().toString(), - platformCredential.getPlatformChainType(), - componentIdentifier); - componentResult.setFailedValidation(false); - componentResult.setDelta(!platformCredential.isPlatformBase()); - componentResultRepository.save(componentResult); + + // if the provided platform certificate is version 1.2 + if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) { + + for (ComponentIdentifier componentIdentifier : platformCredential + .getComponentIdentifiers()) { + componentResult = new ComponentResult(platformCredential.getPlatformSerial(), + platformCredential.getSerialNumber().toString(), + platformCredential.getPlatformChainType(), + componentIdentifier); + componentResult.setFailedValidation(false); + componentResult.setDelta(!platformCredential.isPlatformBase()); + componentResultRepository.save(componentResult); + } + } + // if the provided platform certificate is version 2.0 + else if (platformCredential.getCredentialType() + .equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) { + + for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential + .getComponentIdentifiersV2()) { + componentResult = new ComponentResult(platformCredential.getPlatformSerial(), + platformCredential.getSerialNumber().toString(), + platformCredential.getPlatformChainType(), + componentIdentifierV2); + componentResult.setFailedValidation(false); + componentResult.setDelta(!platformCredential.isPlatformBase()); + 
componentResultRepository.save(componentResult); + } } } else { for (ComponentResult componentResult : componentResults) {