Continuing fixing spotbugs for AttestationCA

Cyrus 2023-12-26 08:37:52 -05:00
parent 8c573b0bcd
commit 39da434f1f
6 changed files with 38 additions and 21 deletions


@ -4,6 +4,9 @@
<Match> <Match>
<Package name="~hirs\.attestationca\.configuration*" /> <Package name="~hirs\.attestationca\.configuration*" />
</Match> </Match>
<Match>
<!-- https://github.com/spotbugs/spotbugs/pull/2748 -->
<Bug pattern="CT_CONSTRUCTOR_THROW" />
</Match>
</FindBugsFilter> </FindBugsFilter>
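Review bot: The new `<Match>` has no `<Class>` or `<Package>` child, so it switches off `CT_CONSTRUCTOR_THROW` for every class in the project rather than only for the classes that triggered it. That detector flags constructors that can throw and leave a partially initialised object reachable through a finalizer, so a blanket exclusion also hides any genuine finding in code added later. If the exclusion is a workaround tied to the linked SpotBugs pull request, the comment should say so and name the condition for removing it, for example `<!-- Temporary: revisit once spotbugs/spotbugs#2748 is in the SpotBugs version we build with -->`. Scoping the match to the affected packages would be safer.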


@ -79,4 +79,27 @@ public abstract class AbstractEntity implements Serializable {
public void resetCreateTime() { public void resetCreateTime() {
createTime.setTime(new Date().getTime()); createTime.setTime(new Date().getTime());
} }
@Override
public int hashCode() {
if (id != null) {
return id.hashCode();
}
return super.hashCode();
}
@Override
public boolean equals(final Object object) {
if (this == object) {
return true;
}
if (object == null) {
return false;
}
if (!(this.getClass().equals(object.getClass()))) {
return false;
}
return this.hashCode() == object.hashCode();
}
} }
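Review bot: `equals` decides equality with `this.hashCode() == object.hashCode()`, so any two entities of the same class whose hash codes collide are reported as equal. With a non-null `id` the hash is `id.hashCode()`, a 32-bit value, so two different ids can compare equal; with a null `id` it falls back to the identity hash, which is not guaranteed unique either. Compare the ids themselves: `AbstractEntity other = (AbstractEntity) object;` followed by `return id != null && id.equals(other.id);`. The declaration of `id` is outside the hunk, so this assumes its type has a value-based `equals`.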


@ -6,6 +6,7 @@ import jakarta.persistence.Entity;
import jakarta.persistence.Id; import jakarta.persistence.Id;
import jakarta.persistence.Lob; import jakarta.persistence.Lob;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.extern.log4j.Log4j2;
import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Arrays;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
@ -17,6 +18,7 @@ import java.util.Date;
* This class is for saving the Identity Claim and the Nonce between the two passes of the * This class is for saving the Identity Claim and the Nonce between the two passes of the
* TPM 2.0 Provisioner. * TPM 2.0 Provisioner.
*/ */
@Log4j2
@NoArgsConstructor @NoArgsConstructor
@Entity @Entity
public class TPM2ProvisionerState { public class TPM2ProvisionerState {
@ -100,11 +102,13 @@ public class TPM2ProvisionerState {
try (DataInputStream dis try (DataInputStream dis
= new DataInputStream(new ByteArrayInputStream(nonce))) { = new DataInputStream(new ByteArrayInputStream(nonce))) {
long firstPartOfNonce = dis.readLong(); long firstPartOfNonce = dis.readLong();
TPM2ProvisionerState stateFound = tpm2ProvisionerStateRepository.findByFirstPartOfNonce(firstPartOfNonce); TPM2ProvisionerState stateFound = tpm2ProvisionerStateRepository
if (Arrays.areEqual(stateFound.getNonce(), nonce)) { .findByFirstPartOfNonce(firstPartOfNonce);
if (stateFound != null && Arrays.areEqual(stateFound.getNonce(), nonce)) {
return stateFound; return stateFound;
} }
} catch (IOException | NullPointerException e) { } catch (IOException ioEx) {
log.error(ioEx.getMessage());
return null; return null;
} }
return null; return null;
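Review bot: Dropping `NullPointerException` from the catch changes what happens when `nonce` itself is null: `new ByteArrayInputStream(nonce)` throws, and that exception now reaches the caller instead of producing a null return. The start of the method is outside the hunk, so a guard may already exist; if not, add `if (nonce == null) { return null; }` before the try. `log.error(ioEx.getMessage())` also discards the stack trace and gives no context, whereas `log.error("Could not read first part of nonce", ioEx);` keeps both. Since the nonce ties the two provisioning passes together, consider `Arrays.constantTimeAreEqual(stateFound.getNonce(), nonce)` for the comparison.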


@ -314,7 +314,7 @@ public class IdentityClaimProcessor extends AbstractProcessor {
Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)"); Pattern pattern = Pattern.compile("([^\\s]+(\\.(?i)(rimpcr|rimel|bin|log))$)");
Matcher matcher; Matcher matcher;
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256"); MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
List<ReferenceManifest> listOfSavedRims = new LinkedList<>(); // List<ReferenceManifest> listOfSavedRims = new LinkedList<>();
if (dv.getLogfileCount() > 0) { if (dv.getLogfileCount() > 0) {
for (ByteString logFile : dv.getLogfileList()) { for (ByteString logFile : dv.getLogfileList()) {
@ -424,11 +424,11 @@ public class IdentityClaimProcessor extends AbstractProcessor {
dbSupport.setUpdated(true); dbSupport.setUpdated(true);
dbSupport.setAssociatedRim(dbBaseRim.getId()); dbSupport.setAssociatedRim(dbBaseRim.getId());
this.referenceManifestRepository.save(dbSupport); this.referenceManifestRepository.save(dbSupport);
listOfSavedRims.add(dbSupport); // listOfSavedRims.add(dbSupport);
} }
} }
this.referenceManifestRepository.save(dbBaseRim); this.referenceManifestRepository.save(dbBaseRim);
listOfSavedRims.add(dbBaseRim); // listOfSavedRims.add(dbBaseRim);
} }
} }
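Review bot: The three `listOfSavedRims` lines are commented out rather than deleted, which leaves dead code in the method and gives the next reader no reason why it is kept. Delete the declaration and both `add` calls outright; version control already preserves them. The import block is not visible in these hunks, so check whether `java.util.LinkedList` is still used in this file and drop the import if it is not. The same applies to the `// ReferenceManifest validationObject;` line left behind in FirmwareScvValidator.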


@ -44,14 +44,6 @@ public class CertificateAttributeScvValidator extends SupplyChainCredentialValid
private static List<ComponentResult> componentResultList = new LinkedList<>(); private static List<ComponentResult> componentResultList = new LinkedList<>();
/**
* Setter for the list of components to verify.
* @param componentResultList list object for the components
*/
public void setComponentResultList(final List<ComponentResult> componentResultList) {
this.componentResultList = componentResultList.stream().toList();
}
/** /**
* Getter for the list of components to verify. * Getter for the list of components to verify.
* @return a collection of components * @return a collection of components


@ -45,9 +45,7 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
String[] baseline = new String[Integer.SIZE]; String[] baseline = new String[Integer.SIZE];
AppraisalStatus fwStatus = null; AppraisalStatus fwStatus = null;
String hostName = device.getDeviceInfo().getNetworkInfo().getHostname(); String hostName = device.getDeviceInfo().getNetworkInfo().getHostname();
String manufacturer = device.getDeviceInfo() // ReferenceManifest validationObject;
.getHardwareInfo().getManufacturer();
ReferenceManifest validationObject;
List<BaseReferenceManifest> baseReferenceManifests = null; List<BaseReferenceManifest> baseReferenceManifests = null;
BaseReferenceManifest baseReferenceManifest = null; BaseReferenceManifest baseReferenceManifest = null;
ReferenceManifest supportReferenceManifest = null; ReferenceManifest supportReferenceManifest = null;
@ -80,7 +78,6 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
failedString += "Bios measurement"; failedString += "Bios measurement";
passed = false; passed = false;
} }
validationObject = measurement;
if (passed) { if (passed) {
List<SwidResource> resources = List<SwidResource> resources =
@ -109,7 +106,6 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
passed = false; passed = false;
fwStatus = new AppraisalStatus(FAIL, fwStatus = new AppraisalStatus(FAIL,
"Firmware validation failed: invalid certificate path."); "Firmware validation failed: invalid certificate path.");
validationObject = baseReferenceManifest;
} }
} catch (IOException ioEx) { } catch (IOException ioEx) {
log.error("Error getting X509 cert from manager: " + ioEx.getMessage()); log.error("Error getting X509 cert from manager: " + ioEx.getMessage());
@ -224,7 +220,6 @@ public class FirmwareScvValidator extends SupplyChainCredentialValidator {
if (!tpmPcrEvents.isEmpty()) { if (!tpmPcrEvents.isEmpty()) {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
validationObject = measurement;
sb.append(String.format("%d digest(s) were not found:%n", sb.append(String.format("%d digest(s) were not found:%n",
tpmPcrEvents.size())); tpmPcrEvents.size()));
for (TpmPcrEvent tpe : tpmPcrEvents) { for (TpmPcrEvent tpe : tpmPcrEvents) {