[#91] Add Authority Information Access to Issuer field of Attribute Certificates (#92)

* Updated code base for Attribute Certificates.  They are currently not showing Authority Information Access in the Issuer field on the certificate details page.  The code was not written to handle this
or to set it.

* Updated unit tests to test Authority Info Access and Key Identifier.

* Adding extra certificates to be used in the new tests.

* Updated unit test, the new tests were missing the @Test parameter.

HIRS_AttestationCAPortal/src/main/java/hirs/attestationca/portal/util/CertificateStringMapBuilder.java

@@ -49,6 +49,7 @@ public final class CertificateStringMapBuilder {
                 data.put("authSerialNumber", Long.toHexString(certificate
                         .getAuthoritySerialNumber().longValue()));
             }
+            data.put("authInfoAccess", certificate.getAuthInfoAccess());
             data.put("beginValidity", certificate.getBeginValidity().toString());
             data.put("endValidity", certificate.getEndValidity().toString());
             data.put("signature", Arrays.toString(certificate.getSignature()));
@@ -207,7 +208,6 @@ public final class CertificateStringMapBuilder {
             //x509 credential version
             data.put("x509Version", Integer.toString(certificate
                     .getX509CredentialVersion()));
-            data.put("authInfoAccess", certificate.getAuthInfoAccess());
             data.put("credentialType", certificate.getCredentialType());
         } else {
             LOGGER.error(notFoundMessage);
@@ -237,7 +237,6 @@ public final class CertificateStringMapBuilder {
             data.put("version", certificate.getVersion());
             data.put("policyReference", certificate.getPolicyReference());
             data.put("crlPoints", certificate.getCrlPoints());
-            data.put("authInfoAccess", certificate.getAuthInfoAccess());
             data.put("credentialType", certificate.getCredentialType());
             //x509 credential version
             data.put("x509Version", Integer.toString(certificate

HIRS_Utils/src/main/java/hirs/data/persist/certificate/Certificate.java

@@ -365,7 +365,8 @@ public abstract class Certificate extends ArchivableEntity {
                         .getInstance((DLSequence) getExtensionValue(
                                 Extension.authorityKeyIdentifier.getId()));
 
-                this.authorityInfoAccess = getAuthorityInfoAccess();
+                this.authorityInfoAccess = getAuthorityInfoAccess(x509Certificate
+                        .getExtensionValue(Extension.authorityInfoAccess.getId()));
                 this.keyUsage = parseKeyUsage(x509Certificate.getKeyUsage());
                 this.crlPoints = getCRLDistributionPoint();
 
@@ -395,6 +396,9 @@ public abstract class Certificate extends ArchivableEntity {
 
                 authKeyIdentifier = AuthorityKeyIdentifier
                         .fromExtensions(attCertInfo.getExtensions());
+                this.authorityInfoAccess = getAuthorityInfoAccess(
+                        AuthorityInformationAccess.fromExtensions(
+                                attCertInfo.getExtensions()));
 
                 switch (attCert.getSignatureAlgorithm().getAlgorithm().getId()) {
                     case RSA256_OID:
@@ -668,16 +672,31 @@ public abstract class Certificate extends ArchivableEntity {
      *
      * @return List Authority info access list
      */
-    private String getAuthorityInfoAccess() {
+    private String getAuthorityInfoAccess(final byte[] authoInfoAccess) {
         StringBuilder sb = new StringBuilder();
 
         try {
-            byte[] authAccess = getX509Certificate().getExtensionValue(
-                    Extension.authorityInfoAccess.getId());
-            if (authAccess != null && authAccess.length > 0) {
-                AuthorityInformationAccess authInfoAccess = AuthorityInformationAccess
-                        .getInstance(X509ExtensionUtil.fromExtensionValue(authAccess));
-                for (AccessDescription desc : authInfoAccess.getAccessDescriptions()) {
+            if (authoInfoAccess != null && authoInfoAccess.length > 0) {
+                sb.append(getAuthorityInfoAccess(AuthorityInformationAccess
+                        .getInstance(X509ExtensionUtil.fromExtensionValue(authoInfoAccess))));
+            }
+        } catch (IOException ioEx) {
+            LOGGER.error(ioEx);
+        }
+
+        return sb.toString();
+    }
+
+    /**
+     * Getter for the AuthorityInfoAccess extension value on list format.
+     *
+     * @return List Authority info access list
+     */
+    private String getAuthorityInfoAccess(final AuthorityInformationAccess authInfoAccess) {
+        StringBuilder sb = new StringBuilder();
+
+        if (authInfoAccess != null) {
+            for (AccessDescription desc : authInfoAccess.getAccessDescriptions()) {
                     if (desc.getAccessLocation().getTagNo() == GeneralName
                             .uniformResourceIdentifier) {
                         sb.append(String.format("%s%n", ((DERIA5String) desc
@@ -685,10 +704,7 @@ public abstract class Certificate extends ArchivableEntity {
                                 .getName())
                                 .getString()));
                     }
-                }
             }
-        } catch (IOException ioEx) {
-            LOGGER.error(ioEx);
         }
 
         return sb.toString();

HIRS_Utils/src/test/java/hirs/data/persist/certificate/CertificateTest.java

@@ -35,6 +35,12 @@ public class CertificateTest {
     public static final String FAKE_INTEL_INT_CA_FILE =
             "/certificates/fakeIntelIntermediateCA.cer";
 
+    /**
+     * Location of a test (fake) Intel intermediate CA certificate.
+     */
+    public static final String INTEL_INT_CA_FILE =
+            "/validation/platform_credentials/intel_chain/root/intermediate2.cer";
+
     /**
      * Location of a test (fake) SGI intermediate CA certificate.
      */
@@ -227,16 +233,32 @@ public class CertificateTest {
         X509Certificate certificate = readX509Certificate(FAKE_ROOT_CA_FILE);
 
         Assert.assertEquals(rootCert.getSerialNumber(), certificate.getSerialNumber());
-        Assert.assertEquals(rootCert.getIssuer(), certificate.getIssuerX500Principal().getName());
-        Assert.assertEquals(rootCert.getSubject(), certificate.getSubjectX500Principal().getName());
-        Assert.assertEquals(
-                rootCert.getEncodedPublicKey(), certificate.getPublicKey().getEncoded()
-        );
+        Assert.assertEquals(rootCert.getIssuer(),
+                certificate.getIssuerX500Principal().getName());
+        Assert.assertEquals(rootCert.getSubject(),
+                certificate.getSubjectX500Principal().getName());
+        Assert.assertEquals(rootCert.getEncodedPublicKey(),
+                certificate.getPublicKey().getEncoded());
         Assert.assertEquals(rootCert.getSignature(), certificate.getSignature());
         Assert.assertEquals(rootCert.getBeginValidity(), certificate.getNotBefore());
         Assert.assertEquals(rootCert.getEndValidity(), certificate.getNotAfter());
     }
 
+    /**
+     * Tests that Certificate correctly parses out non standard fields from an X509 Certificate.
+     *
+     * @throws IOException if there is a problem reading the cert file at the given path
+     */
+    @Test
+    public void testX509CertificateParsingExtended() throws IOException {
+        Certificate rootCert = getTestCertificate(INTEL_INT_CA_FILE);
+        Assert.assertEquals(rootCert.getAuthInfoAccess(),
+                "https://trustedservices.intel.com/"
+                        + "content/TSC/certs/TSC_SS_RootCA_Certificate.cer\n");
+        Assert.assertEquals(rootCert.getAuthKeyId(),
+                "b56f72cdfd66ce839e1fdb40498f07291f5b99b7");
+    }
+
     /**
      * Tests that Certificate correctly parses out standard fields from an X509 attribute
      * certificate.
@@ -272,6 +294,26 @@ public class CertificateTest {
         Assert.assertEquals(platformCert.getEndValidity(), attrCertHolder.getNotAfter());
     }
 
+    /**
+     * Tests that Certificate correctly parses out non-standard fields from an X509 attribute
+     * certificate.
+     *
+     * @throws IOException if there is a problem reading the cert file at the given path
+     * @throws URISyntaxException if there is a problem constructing the file's URI
+     */
+    @Test
+    public void testX509AttributeCertificateParsingExtended()
+            throws IOException, URISyntaxException {
+        Certificate platformCert = getTestCertificate(
+                PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6);
+
+        Assert.assertEquals(platformCert.getAuthInfoAccess(),
+                "https://trustedservices.intel.com/"
+                        + "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n");
+        Assert.assertEquals(platformCert.getAuthKeyId(),
+                "3c06b9fb63a53ca57c6b87433339f1dca807fba4");
+    }
+
     /**
      * Tests that Certificate correctly trims out additional padding from a given certificate.
      *

HIRS_Utils/src/test/java/hirs/data/persist/certificate/PlatformCredentialTest.java

@@ -56,6 +56,12 @@ public class PlatformCredentialTest {
     static final String TEST_PLATFORM_CERT_5 =
             "/validation/platform_credentials/Intel_pc5.pem";
 
+    /**
+     * Location of another, slightly different platform attribute cert.
+     */
+    static final String TEST_PLATFORM_CERT_6 =
+            "/validation/platform_credentials/Intel_nuc1.cer";
+
     /**
      * Platform Certificate 2.0 with all the expected data.
      */