mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-03-11 15:04:15 +00:00
issue_896: slowly introducing component identifier v2 into multiple spots throughout the app. Seems like we need to ensure that when we try to parse the pc from the identity claim, it needs to recognize the new kind of identifier.
This commit is contained in:
parent
9e94a527af
commit
2f96fb0606
@ -121,23 +121,46 @@ public class ComponentResult extends ArchivableEntity {
|
||||
element.getAddressValue().toString()));
|
||||
}
|
||||
componentAddress = sb.toString();
|
||||
|
||||
// V2 fields
|
||||
if (componentIdentifier.isVersion2()
|
||||
&& componentIdentifier instanceof ComponentIdentifierV2 ciV2) {
|
||||
// this is a downside of findbugs, the code is set up to indicate if a CI is V2 or not
|
||||
// but find bugs is throwing a flag because instanceof isn't being used.
|
||||
this.componentClassValue = ciV2.getComponentClass().getComponentIdentifier();
|
||||
this.componentClassStr = ciV2.getComponentClass().toString();
|
||||
this.componentClassType = ciV2.getComponentClass().getRegistryType();
|
||||
this.attributeStatus = ciV2.getAttributeStatus();
|
||||
this.version2 = true;
|
||||
if (ciV2.getCertificateIdentifier() != null) {
|
||||
this.issuerDN = ciV2.getCertificateIdentifier().getIssuerDN().toString();
|
||||
if (ciV2.getComponentPlatformUri() != null) {
|
||||
this.uniformResourceIdentifier = ciV2.getComponentPlatformUri()
|
||||
.getUniformResourceIdentifier().toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param boardSerialNumber
|
||||
* @param certificateSerialNumber
|
||||
* @param certificateType
|
||||
* @param componentIdentifierV2
|
||||
*/
|
||||
public ComponentResult(final String boardSerialNumber, final String certificateSerialNumber,
|
||||
final String certificateType,
|
||||
final ComponentIdentifierV2 componentIdentifierV2) {
|
||||
|
||||
this.boardSerialNumber = boardSerialNumber;
|
||||
this.certificateSerialNumber = certificateSerialNumber;
|
||||
this.certificateType = certificateType;
|
||||
this.manufacturer = componentIdentifierV2.getComponentManufacturer().toString();
|
||||
this.model = componentIdentifierV2.getComponentModel().toString();
|
||||
this.serialNumber = componentIdentifierV2.getComponentSerial().toString();
|
||||
this.revisionNumber = componentIdentifierV2.getComponentRevision().toString();
|
||||
if (componentIdentifierV2.getFieldReplaceable() != null) {
|
||||
this.fieldReplaceable = componentIdentifierV2.getFieldReplaceable().isTrue();
|
||||
}
|
||||
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for (ComponentAddress element : componentIdentifierV2.getComponentAddress()) {
|
||||
sb.append(String.format("%s:%s;", element.getAddressTypeValue(),
|
||||
element.getAddressValue().toString()));
|
||||
}
|
||||
componentAddress = sb.toString();
|
||||
|
||||
this.componentClassValue = componentIdentifierV2.getComponentClass().getComponentIdentifier();
|
||||
this.componentClassStr = componentIdentifierV2.getComponentClass().toString();
|
||||
this.componentClassType = componentIdentifierV2.getComponentClass().getRegistryType();
|
||||
this.attributeStatus = componentIdentifierV2.getAttributeStatus();
|
||||
this.version2 = true;
|
||||
if (componentIdentifierV2.getCertificateIdentifier() != null) {
|
||||
this.issuerDN = componentIdentifierV2.getCertificateIdentifier().getIssuerDN().toString();
|
||||
if (componentIdentifierV2.getComponentPlatformUri() != null) {
|
||||
this.uniformResourceIdentifier = componentIdentifierV2.getComponentPlatformUri()
|
||||
.getUniformResourceIdentifier().toString();
|
||||
}
|
||||
}
|
||||
}
|
||||
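Review bot: Overload selection now decides whether the V2 fields are stored: going by the hunk's line counts (the +/- markers are lost on this page), the `isVersion2()` / `instanceof ComponentIdentifierV2` branch appears to have been taken out of the existing constructor and moved into the new `ComponentIdentifierV2` overload. Java resolves overloads on the static type, so a V2 identifier reached through a `ComponentIdentifier` variable or list would go to the old constructor and be saved without component class, attribute status, issuer DN or URI, and with `version2` unset. If that can happen, the old constructor could keep a guard such as `if (componentIdentifier instanceof ComponentIdentifierV2 ciV2) { /* copy V2 fields */ }`, or both constructors could call one private helper so the copied assignments cannot drift apart. In the new constructor the `getComponentPlatformUri()` check appears to sit inside the `getCertificateIdentifier() != null` block (read from the brace count, since indentation is lost), so a component with a URI but no certificate identifier would lose the URI; confirm that this is intended. The existing constructor starts outside the hunk.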
|
@ -355,6 +355,9 @@ public class PlatformCredential extends DeviceAssociatedCertificate {
|
||||
return verifier.verify(attCert.getSignatureValue().getOctets());
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws IOException
|
||||
*/
|
||||
private void parseFields() throws IOException {
|
||||
AttributeCertificateInfo certificate = getAttributeCertificate().getAcinfo();
|
||||
Map<String, String> policyQualifier = getPolicyQualifier(certificate);
|
||||
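Review bot: The Javadoc added to `parseFields()` carries only a bare `@throws IOException`, with no summary sentence and no description of when the exception is raised, so it documents nothing a reader cannot already see in the signature. From the visible lines a summary such as `Parses the fields of this credential's attribute certificate.` with `@throws IOException if the certificate contents cannot be read` would fit, to be checked against the rest of the body, which continues outside the hunk. The same applies to the description-less `@param` tags on the new `ComponentResult` constructor and to the `bulkDownload` Javadoc in `CertificatePageController`, whose `@param`, `@return` and `@throws` tags are all empty.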
|
@ -239,7 +239,7 @@ public class ComponentIdentifierV2 extends ComponentIdentifier {
|
||||
sb.append(getFieldReplaceable());
|
||||
}
|
||||
sb.append(", componentAddress=");
|
||||
if (getComponentAddress().size() > 0) {
|
||||
if (!getComponentAddress().isEmpty()) {
|
||||
sb.append(getComponentAddress()
|
||||
.stream()
|
||||
.map(Object::toString)
|
||||
|
@ -38,7 +38,7 @@ public class PlatformConfigurationV2 extends PlatformConfiguration {
|
||||
*/
|
||||
public PlatformConfigurationV2(final ASN1Sequence sequence) throws IllegalArgumentException {
|
||||
//Default values
|
||||
setComponentIdentifier(new ArrayList<>());
|
||||
setComponentIdentifierV2(new ArrayList<>());
|
||||
setComponentIdentifierUri(null);
|
||||
setPlatformProperties(new ArrayList<>());
|
||||
setPlatformPropertiesUri(null);
|
||||
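Review bot: If `setComponentIdentifierV2(new ArrayList<>())` replaces `setComponentIdentifier(new ArrayList<>())` here (the two lines are printed together and the markers are lost, so this is inferred from the 7-to-7 line count), the inherited V1 list no longer receives a default in this constructor. Unless the parent `PlatformConfiguration` initialises that field itself, code that reads the V1 list from a V2 configuration would then see `null` instead of an empty list. Keeping both defaults, `setComponentIdentifier(new ArrayList<>());` followed by `setComponentIdentifierV2(new ArrayList<>());`, avoids that. The constructor body continues outside the hunk.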
|
@ -193,6 +193,7 @@ public class AbstractProcessor {
|
||||
final EndorsementCredential endorsementCredential,
|
||||
final CertificateRepository certificateRepository) {
|
||||
List<PlatformCredential> platformCredentials = new LinkedList<>();
|
||||
|
||||
if (identityClaim.getPlatformCredentialCount() > 0) {
|
||||
for (ByteString platformCredential : identityClaim.getPlatformCredentialList()) {
|
||||
if (!platformCredential.isEmpty()) {
|
||||
@ -208,6 +209,7 @@ public class AbstractProcessor {
|
||||
} else {
|
||||
log.warn("No platform credential received in identity claim.");
|
||||
}
|
||||
|
||||
return platformCredentials;
|
||||
}
|
||||
|
||||
@ -221,7 +223,7 @@ public class AbstractProcessor {
|
||||
private EndorsementCredential getEndorsementCredential(
|
||||
final PublicKey ekPublicKey,
|
||||
final CertificateRepository certificateRepository) {
|
||||
log.debug("Searching for endorsement credential based on public key: " + ekPublicKey);
|
||||
log.debug("Searching for endorsement credential based on public key: {}", ekPublicKey);
|
||||
|
||||
if (ekPublicKey == null) {
|
||||
throw new IllegalArgumentException("Cannot look up an EC given a null public key");
|
||||
@ -258,8 +260,6 @@ public class AbstractProcessor {
|
||||
* @param device the device to which the attestation certificate is tied
|
||||
* @param ldevID whether the certificate is a ldevid
|
||||
* @return whether the certificate was saved successfully
|
||||
* @throws {@link CertificateProcessingException} if error occurs in persisting the Attestation
|
||||
* Certificate
|
||||
*/
|
||||
public boolean saveAttestationCertificate(final CertificateRepository certificateRepository,
|
||||
final byte[] derEncodedAttestationCertificate,
|
||||
@ -288,7 +288,7 @@ public class AbstractProcessor {
|
||||
generateCertificate = ldevID ? policySettings.isIssueDevIdCertificate()
|
||||
: policySettings.isIssueAttestationCertificate();
|
||||
|
||||
if (issuedAc != null && issuedAc.size() > 0
|
||||
if (issuedAc != null && !issuedAc.isEmpty()
|
||||
&& (ldevID ? policySettings.isDevIdExpirationFlag()
|
||||
: policySettings.isGenerateOnExpiration())) {
|
||||
if (issuedAc.get(0).getEndValidity().after(currentDate)) {
|
||||
@ -324,13 +324,13 @@ public class AbstractProcessor {
|
||||
if (ec == null) {
|
||||
log.warn("Cannot look for platform credential(s). Endorsement credential was null.");
|
||||
} else {
|
||||
log.debug("Searching for platform credential(s) based on holder serial number: "
|
||||
+ ec.getSerialNumber());
|
||||
log.debug("Searching for platform credential(s) based on holder serial number: {}",
|
||||
ec.getSerialNumber());
|
||||
credentials = certificateRepository.getByHolderSerialNumber(ec.getSerialNumber());
|
||||
if (credentials == null || credentials.isEmpty()) {
|
||||
log.warn("No platform credential(s) found");
|
||||
} else {
|
||||
log.debug("Platform Credential(s) found: " + credentials.size());
|
||||
log.debug("Platform Credential(s) found: {}", credentials.size());
|
||||
}
|
||||
}
|
||||
|
||||
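Review bot: In the Javadoc of `saveAttestationCertificate` the `@throws` entry for `CertificateProcessingException` appears to have been deleted rather than repaired (the hunk shrinks from 8 to 6 lines and those two lines are the likeliest candidates). The old tag was malformed because `@throws` takes a bare class name rather than `{@link ...}`; if the method can still raise that exception, `@throws CertificateProcessingException if an error occurs while persisting the attestation certificate` keeps the contract documented. The method body is outside the hunk, so whether the exception is still thrown cannot be confirmed from here.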
|
@ -20,6 +20,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.ComponentResult
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
|
||||
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
|
||||
@ -156,6 +157,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
}
|
||||
|
||||
ByteString blobStr = ByteString.copyFrom(new byte[] {});
|
||||
|
||||
if (validationResult == AppraisalStatus.Status.PASS) {
|
||||
RSAPublicKey akPub = ProvisionUtils.parsePublicKey(claim.getAkPublicArea().toByteArray());
|
||||
byte[] nonce = ProvisionUtils.generateRandomBytes(NONCE_LENGTH);
|
||||
@ -173,12 +175,14 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
if (policySettings != null && policySettings.isIgnoreImaEnabled()) {
|
||||
pcrQuoteMask = PCR_QUOTE_MASK.replace("10,", "");
|
||||
}
|
||||
|
||||
// Package response
|
||||
ProvisionerTpm2.IdentityClaimResponse response
|
||||
= ProvisionerTpm2.IdentityClaimResponse.newBuilder()
|
||||
.setCredentialBlob(blobStr).setPcrMask(pcrQuoteMask)
|
||||
.setStatus(ProvisionerTpm2.ResponseStatus.PASS)
|
||||
.build();
|
||||
|
||||
return response.toByteArray();
|
||||
} else {
|
||||
log.error("Supply chain validation did not succeed. Result is: {}", validationResult);
|
||||
@ -201,6 +205,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
*/
|
||||
private AppraisalStatus.Status doSupplyChainValidation(
|
||||
final ProvisionerTpm2.IdentityClaim claim, final PublicKey ekPub) {
|
||||
|
||||
// attempt to find an endorsement credential to validate
|
||||
EndorsementCredential endorsementCredential =
|
||||
parseEcFromIdentityClaim(claim, ekPub, certificateRepository);
|
||||
@ -238,6 +243,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
.findByCertificateSerialNumberAndBoardSerialNumber(
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformSerial());
|
||||
|
||||
if (componentResults.isEmpty()) {
|
||||
savePlatformComponents(platformCredential);
|
||||
} else {
|
||||
@ -254,6 +260,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
endorsementCredential, platformCredentials, device,
|
||||
componentInfoRepository.findByDeviceName(device.getName()));
|
||||
device.setSummaryId(summary.getId().toString());
|
||||
|
||||
// update the validation result in the device
|
||||
AppraisalStatus.Status validationResult = summary.getOverallValidationResult();
|
||||
device.setSupplyChainValidationStatus(validationResult);
|
||||
@ -284,13 +291,16 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
}
|
||||
|
||||
log.info("Processing Device Info Report");
|
||||
|
||||
// store device and device info report.
|
||||
Device device = null;
|
||||
|
||||
if (deviceInfoReport.getNetworkInfo() != null
|
||||
&& deviceInfoReport.getNetworkInfo().getHostname() != null
|
||||
&& !deviceInfoReport.getNetworkInfo().getHostname().isEmpty()) {
|
||||
device = this.deviceRepository.findByName(deviceInfoReport.getNetworkInfo().getHostname());
|
||||
}
|
||||
|
||||
if (device == null) {
|
||||
device = new Device(deviceInfoReport);
|
||||
}
|
||||
@ -329,6 +339,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
macAddressBytes[i] = hex.byteValue();
|
||||
}
|
||||
}
|
||||
|
||||
NetworkInfo nw = new NetworkInfo(nwProto.getHostname(), ip, macAddressBytes);
|
||||
|
||||
// Get firmware info
|
||||
@ -343,16 +354,19 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
|
||||
// Get hardware info
|
||||
ProvisionerTpm2.HardwareInfo hwProto = dv.getHw();
|
||||
|
||||
// Make sure chassis info has at least one chassis
|
||||
String firstChassisSerialNumber = DeviceInfoEnums.NOT_SPECIFIED;
|
||||
if (hwProto.getChassisInfoCount() > 0) {
|
||||
firstChassisSerialNumber = hwProto.getChassisInfo(0).getSerialNumber();
|
||||
}
|
||||
|
||||
// Make sure baseboard info has at least one baseboard
|
||||
String firstBaseboardSerialNumber = DeviceInfoEnums.NOT_SPECIFIED;
|
||||
if (hwProto.getBaseboardInfoCount() > 0) {
|
||||
firstBaseboardSerialNumber = hwProto.getBaseboardInfo(0).getSerialNumber();
|
||||
}
|
||||
|
||||
HardwareInfo hw = new HardwareInfo(hwProto.getManufacturer(), hwProto.getProductName(),
|
||||
hwProto.getProductVersion(), hwProto.getSystemSerialNumber(),
|
||||
firstChassisSerialNumber, firstBaseboardSerialNumber);
|
||||
@ -618,6 +632,14 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
return dvReport;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that generates digest records using the provided device's manufacturer and model
|
||||
* information.
|
||||
*
|
||||
* @param manufacturer device manufacturer
|
||||
* @param model device model
|
||||
* @return boolean that represents that status of the digest records generation
|
||||
*/
|
||||
private boolean generateDigestRecords(final String manufacturer, final String model) {
|
||||
List<ReferenceDigestValue> rdValues = new LinkedList<>();
|
||||
SupportReferenceManifest baseSupportRim = null;
|
||||
@ -718,14 +740,23 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that saves the provided platform certificate's components in the database.
|
||||
*
|
||||
* @param certificate certificate
|
||||
*/
|
||||
private void savePlatformComponents(final Certificate certificate) {
|
||||
PlatformCredential platformCredential;
|
||||
|
||||
if (certificate instanceof PlatformCredential) {
|
||||
platformCredential = (PlatformCredential) certificate;
|
||||
ComponentResult componentResult;
|
||||
|
||||
// if the provided platform certificate is version 1.2
|
||||
if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) {
|
||||
|
||||
for (ComponentIdentifier componentIdentifier : platformCredential
|
||||
.getComponentIdentifiers()) {
|
||||
|
||||
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformChainType(),
|
||||
@ -734,6 +765,22 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
componentResult.setDelta(!platformCredential.isPlatformBase());
|
||||
componentResultRepository.save(componentResult);
|
||||
}
|
||||
|
||||
}
|
||||
// if the provided platform certificate is version 2.0
|
||||
else if (platformCredential.getCredentialType()
|
||||
.equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) {
|
||||
for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential
|
||||
.getComponentIdentifiersV2()) {
|
||||
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformChainType(),
|
||||
componentIdentifierV2);
|
||||
componentResult.setFailedValidation(false);
|
||||
componentResult.setDelta(!platformCredential.isPlatformBase());
|
||||
componentResultRepository.save(componentResult);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -741,18 +788,15 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
* Helper method that attempts to find all the provided device's components.
|
||||
*
|
||||
* @param hostName device's host name
|
||||
* @param paccorString
|
||||
* @return number of components
|
||||
* @param paccorString string representation of the paccor tool output
|
||||
*/
|
||||
private int handleDeviceComponents(final String hostName, final String paccorString) {
|
||||
int deviceComponents = 0;
|
||||
private void handleDeviceComponents(final String hostName, final String paccorString) {
|
||||
Map<Integer, ComponentInfo> componentInfoMap = new HashMap<>();
|
||||
|
||||
try {
|
||||
List<ComponentInfo> componentInfos = SupplyChainCredentialValidator
|
||||
.getComponentInfoFromPaccorOutput(hostName, paccorString);
|
||||
|
||||
deviceComponents = componentInfos.size();
|
||||
|
||||
// check the DB for like component infos
|
||||
List<ComponentInfo> dbComponentInfos = this.componentInfoRepository.findByDeviceName(hostName);
|
||||
dbComponentInfos.forEach((infos) -> {
|
||||
@ -771,7 +815,5 @@ public class IdentityClaimProcessor extends AbstractProcessor {
|
||||
} catch (IOException ioEx) {
|
||||
log.warn("Error parsing paccor string");
|
||||
}
|
||||
|
||||
return deviceComponents;
|
||||
}
|
||||
}
|
||||
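Review bot: `savePlatformComponents` stores nothing and reports nothing when `getCredentialType()` is neither `CERTIFICATE_TYPE_1_2` nor `CERTIFICATE_TYPE_2_0`, so a platform credential with an unexpected type ends up with no component results and no trace in the log. A closing branch such as `else { log.warn("Unsupported platform credential type: {}", platformCredential.getCredentialType()); }` would make that case visible during provisioning. Calling `.equals` on the getter's result also throws if the type is ever null; `PlatformCredential.CERTIFICATE_TYPE_1_2.equals(platformCredential.getCredentialType())` avoids that. The same two branches are repeated in `handlePlatformComponents` in `CertificatePageController`, so both points apply there as well, and a shared helper would keep the copies from diverging.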
|
@ -19,6 +19,7 @@ import hirs.attestationca.persist.entity.userdefined.certificate.IDevIDCertifica
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
|
||||
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.ComponentIdentifierV2;
|
||||
import hirs.attestationca.persist.util.CredentialHelper;
|
||||
import hirs.attestationca.portal.datatables.DataTableInput;
|
||||
import hirs.attestationca.portal.datatables.DataTableResponse;
|
||||
@ -165,21 +166,15 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
* @return the certificate class type
|
||||
*/
|
||||
private static Class<? extends Certificate> getCertificateClass(final String certificateType) {
|
||||
switch (certificateType) {
|
||||
case PLATFORMCREDENTIAL:
|
||||
return PlatformCredential.class;
|
||||
case ENDORSEMENTCREDENTIAL:
|
||||
return EndorsementCredential.class;
|
||||
case ISSUEDCERTIFICATES:
|
||||
return IssuedAttestationCertificate.class;
|
||||
case IDEVIDCERTIFICATE:
|
||||
return IDevIDCertificate.class;
|
||||
case TRUSTCHAIN:
|
||||
return CertificateAuthorityCredential.class;
|
||||
default:
|
||||
throw new IllegalArgumentException(
|
||||
return switch (certificateType) {
|
||||
case PLATFORMCREDENTIAL -> PlatformCredential.class;
|
||||
case ENDORSEMENTCREDENTIAL -> EndorsementCredential.class;
|
||||
case ISSUEDCERTIFICATES -> IssuedAttestationCertificate.class;
|
||||
case IDEVIDCERTIFICATE -> IDevIDCertificate.class;
|
||||
case TRUSTCHAIN -> CertificateAuthorityCredential.class;
|
||||
default -> throw new IllegalArgumentException(
|
||||
String.format("Unknown certificate type: %s", certificateType));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
@ -312,15 +307,15 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
.findBySerialNumber(pc.getHolderSerialNumber());
|
||||
|
||||
if (associatedEC != null) {
|
||||
log.debug("EC ID for holder s/n " + pc
|
||||
.getHolderSerialNumber() + " = " + associatedEC.getId());
|
||||
log.debug("EC ID for holder s/n {} = {}", pc
|
||||
.getHolderSerialNumber(), associatedEC.getId());
|
||||
}
|
||||
|
||||
pc.setEndorsementCredential(associatedEC);
|
||||
}
|
||||
}
|
||||
|
||||
log.debug("Returning list of size: " + records.size());
|
||||
log.debug("Returning list of size: {}", records.size());
|
||||
return new DataTableResponse<>(records, input);
|
||||
} else if (certificateType.equals(ENDORSEMENTCREDENTIAL)) {
|
||||
FilteredRecordsList<EndorsementCredential> records = new FilteredRecordsList<>();
|
||||
@ -336,7 +331,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
|
||||
records.setRecordsFiltered(endorsementCredentialRepository.findByArchiveFlag(false).size());
|
||||
|
||||
log.debug("Returning list of size: " + records.size());
|
||||
log.debug("Returning list of size: {}", records.size());
|
||||
return new DataTableResponse<>(records, input);
|
||||
} else if (certificateType.equals(TRUSTCHAIN)) {
|
||||
FilteredRecordsList<CertificateAuthorityCredential> records = new FilteredRecordsList<>();
|
||||
@ -352,7 +347,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
|
||||
records.setRecordsFiltered(caCredentialRepository.findByArchiveFlag(false).size());
|
||||
|
||||
log.debug("Returning list of size: " + records.size());
|
||||
log.debug("Returning list of size: {}", records.size());
|
||||
return new DataTableResponse<>(records, input);
|
||||
} else if (certificateType.equals(ISSUEDCERTIFICATES)) {
|
||||
FilteredRecordsList<IssuedAttestationCertificate> records = new FilteredRecordsList<>();
|
||||
@ -384,7 +379,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
|
||||
records.setRecordsFiltered(iDevIDCertificateRepository.findByArchiveFlag(false).size());
|
||||
|
||||
log.debug("Returning list of size: " + records.size());
|
||||
log.debug("Returning list of size: {}", records.size());
|
||||
return new DataTableResponse<>(records, input);
|
||||
}
|
||||
|
||||
@ -443,7 +438,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
@PathVariable("certificateType") final String certificateType,
|
||||
@RequestParam final String id,
|
||||
final RedirectAttributes attr) throws URISyntaxException {
|
||||
log.info("Handling request to delete " + id);
|
||||
log.info("Handling request to delete {}", id);
|
||||
|
||||
Map<String, Object> model = new HashMap<>();
|
||||
PageMessages messages = new PageMessages();
|
||||
@ -506,7 +501,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
* @param id the UUID of the cert to download
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@RequestMapping(value = "/{certificateType}/download", method = RequestMethod.GET)
|
||||
public void download(
|
||||
@ -552,7 +547,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
*
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@ResponseBody
|
||||
@RequestMapping(value = "/trust-chain/download-aca-cert", method = RequestMethod.GET)
|
||||
@ -573,7 +568,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
*
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@RequestMapping(value = "/trust-chain/bulk", method = RequestMethod.GET)
|
||||
public void caBulkDownload(final HttpServletResponse response)
|
||||
@ -605,7 +600,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
*
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@RequestMapping(value = "/platform-credentials/bulk", method = RequestMethod.GET)
|
||||
public void pcBulkDownload(final HttpServletResponse response)
|
||||
@ -637,7 +632,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
*
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@RequestMapping(value = "/issued-certificates/bulk", method = RequestMethod.GET)
|
||||
public void icBulkDownload(final HttpServletResponse response)
|
||||
@ -670,7 +665,7 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
*
|
||||
* @param response the response object (needed to update the header with the
|
||||
* file name)
|
||||
* @throws java.io.IOException when writing to response output stream
|
||||
* @throws IOException when writing to response output stream
|
||||
*/
|
||||
@RequestMapping(value = "/endorsement-key-credentials/bulk", method = RequestMethod.GET)
|
||||
public void ekBulkDownload(final HttpServletResponse response)
|
||||
@ -696,6 +691,13 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param zipOut
|
||||
* @param certificates
|
||||
* @param singleFileName
|
||||
* @return
|
||||
* @throws IOException
|
||||
*/
|
||||
private ZipOutputStream bulkDownload(final ZipOutputStream zipOut,
|
||||
final List<Certificate> certificates,
|
||||
final String singleFileName) throws IOException {
|
||||
@ -744,26 +746,21 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
final String certificateType,
|
||||
final int certificateHash) {
|
||||
|
||||
switch (certificateType) {
|
||||
case PLATFORMCREDENTIAL:
|
||||
return this.certificateRepository
|
||||
return switch (certificateType) {
|
||||
case PLATFORMCREDENTIAL -> this.certificateRepository
|
||||
.findByCertificateHash(certificateHash,
|
||||
"PlatformCredential");
|
||||
case ENDORSEMENTCREDENTIAL:
|
||||
return this.certificateRepository
|
||||
case ENDORSEMENTCREDENTIAL -> this.certificateRepository
|
||||
.findByCertificateHash(certificateHash,
|
||||
"EndorsementCredential");
|
||||
case TRUSTCHAIN:
|
||||
return this.certificateRepository
|
||||
case TRUSTCHAIN -> this.certificateRepository
|
||||
.findByCertificateHash(certificateHash,
|
||||
"CertificateAuthorityCredential");
|
||||
case IDEVIDCERTIFICATE:
|
||||
return this.certificateRepository
|
||||
case IDEVIDCERTIFICATE -> this.certificateRepository
|
||||
.findByCertificateHash(certificateHash,
|
||||
"IDevIDCertificate");
|
||||
default:
|
||||
return null;
|
||||
}
|
||||
default -> null;
|
||||
};
|
||||
}
|
||||
|
||||
/**
|
||||
@ -779,11 +776,9 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
List<PlatformCredential> associatedCertificates = new LinkedList<>();
|
||||
|
||||
if (serialNumber != null) {
|
||||
switch (certificateType) {
|
||||
case PLATFORMCREDENTIAL:
|
||||
if (certificateType.equals(PLATFORMCREDENTIAL)) {
|
||||
associatedCertificates.addAll(this.certificateRepository
|
||||
.byBoardSerialNumber(serialNumber));
|
||||
default:
|
||||
}
|
||||
}
|
||||
|
||||
@ -1010,6 +1005,11 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
log.error(failMessage);
|
||||
}
|
||||
|
||||
/**
|
||||
* Helper method that attempts to manage the provided platform certificate's components.
|
||||
*
|
||||
* @param certificate certificate
|
||||
*/
|
||||
private void handlePlatformComponents(final Certificate certificate) {
|
||||
PlatformCredential platformCredential;
|
||||
|
||||
@ -1019,8 +1019,13 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
.findByCertificateSerialNumberAndBoardSerialNumber(
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformSerial());
|
||||
|
||||
if (componentResults.isEmpty()) {
|
||||
ComponentResult componentResult;
|
||||
|
||||
// if the provided platform certificate is version 1.2
|
||||
if (platformCredential.getCredentialType().equals(PlatformCredential.CERTIFICATE_TYPE_1_2)) {
|
||||
|
||||
for (ComponentIdentifier componentIdentifier : platformCredential
|
||||
.getComponentIdentifiers()) {
|
||||
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
|
||||
@ -1031,6 +1036,22 @@ public class CertificatePageController extends PageController<NoPageParams> {
|
||||
componentResult.setDelta(!platformCredential.isPlatformBase());
|
||||
componentResultRepository.save(componentResult);
|
||||
}
|
||||
}
|
||||
// if the provided platform certificate is version 2.0
|
||||
else if (platformCredential.getCredentialType()
|
||||
.equals(PlatformCredential.CERTIFICATE_TYPE_2_0)) {
|
||||
|
||||
for (ComponentIdentifierV2 componentIdentifierV2 : platformCredential
|
||||
.getComponentIdentifiersV2()) {
|
||||
componentResult = new ComponentResult(platformCredential.getPlatformSerial(),
|
||||
platformCredential.getSerialNumber().toString(),
|
||||
platformCredential.getPlatformChainType(),
|
||||
componentIdentifierV2);
|
||||
componentResult.setFailedValidation(false);
|
||||
componentResult.setDelta(!platformCredential.isPlatformBase());
|
||||
componentResultRepository.save(componentResult);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
for (ComponentResult componentResult : componentResults) {
|
||||
componentResult.restore();
|
||||
|
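Review bot: `log.info("Handling request to delete {}", id)` still writes the request-supplied `id` to the log exactly as received; moving to a `{}` placeholder changes how the message is built and does not neutralise line breaks or control characters in the value. The download handler's Javadoc on this page describes its `id` as the UUID of the certificate; if the delete handler takes the same kind of value, parsing it first with `UUID uuid = UUID.fromString(id);` and logging `uuid` keeps malformed input out of the log line. The handler's body continues outside the hunk, so it may already validate `id` further down.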